June Windows Update To Be Biggest in a Year

Supersonic1425 writes "The BBC reports that this month's security update from Microsoft will be the one of the biggest this year. Nine of the patches are for Windows — one classed as critical — two are for Office and one for the Exchange e-mail server software." From the article: "At least one of the loopholes being patched is already being actively exploited by malicious hackers. ... Microsoft is not only tackling security problems but also the fallout of a legal case that the software giant lost."

Sigh. It's gonna be...

[chachacha]

...a long week.

Genuine Advantage to Upgrading

Come get your Microsoft Genuine Advantage Notification spyware tool updates... hot off the compiler.

let me be the first to say

[PrescriptionWarning]

that the genuine windows advantage checker thing is going to be making a lot of people mad when they find out their copy of windows won't update. Prepare ass for violent kicking by viruses!

Re:let me be the first to say

[ocbwilg]

that the genuine windows advantage checker thing is going to be making a lot of people mad when they find out their copy of windows won't update. Prepare ass for violent kicking by viruses!

That's not the biggest problem that I have with WGA. My problem is that it phones home every morning, using the connection settings from IE, but it doesn't support Integrated Windows Authentication like IE does. That means that proxy users (like all of mine) get "mysterious" proxy authentication requests every morning when they log in (those few who have WGA already installed).

Well, that, and the fact that no matter what you can't uninstall it. Sound like someone needs to file a lawsuit to get MS to take notice.

Reinventing their Wheel

[dsginter]

Just when XP is nice and patched and secure, they'll release Vista and start the process all over again.

Yummy.

Re:Reinventing their Wheel

[xusr]

It's so true. The really sad thing is it's predictive value for Vista's ship date.

Re:Reinventing their Wheel

[IAmTheDave]

You mean, just when XP is patched again, surely unsecure, and dialing home at a constant basis...

No doubt that you won't be able to install this "major" update without downloading the Windows Genuine Advantage tool, which constantly calls back to Microsoft with who knows what kind of information - you know, just in case it crashes.

Thank God I went OSX. I never pirated XP (maybe ME when it was in beta) but this "if you didn't do anything wrong you have nothing to hide" bullshit has gone too far.

Re:Reinventing their Wheel

[geobeck]

I think patch days like today are an indication that XP will never be "patched and secure." And probably, neither will Vista.

But if you're switching to Mac, beware of the purists who seem to think Mac use is a royal privelege or something.

Re:Reinventing their Wheel

[humina]

Ow. Thant link hurt my grounded in reality bone.

Re:Reinventing their Wheel

[Aqualung812]

WHAT OS is "nice and patched and secure"?

Every OS has flaws right now. While some might announce their flaws right when discovered, and others try to hide them until they have a patch, they all have holes right now that just have not been discovered.

Yes, Vista will have patches. So will OSXII. So will FC6. It is flawed code by flawed people. Deal with it.

Re:Reinventing their Wheel

[Goblez]

Software is too dynamic to reach a 'finished' state for something as complex as an operating system. There is always something to fix, improve, or some new bug/vulnerability to patch. No, XP will never reach that 'golden' state where it doesn't have problems/security holes. Rather M$ will just move it's focus to Vista (mistakenly early I suspect, as the majority of user base is most likely just getting to XP now), and open up that new can of worms.

On a side note, this is the precise reason M$ needs to build an O/S from the ground up with security in mind and abandon it's legacy of insecurity.

Re:Reinventing their Wheel

[gunnk]

Your last sentence is correct and is, at the same time, the reason I think Vista is going to be a mess. The key word is "legacy".

If you want to shed many of the problems plaguing Windows you are going to have to stop tacking on old code for the sake of backwards compatibility. Apple has made major breaks with old software and then provided "bridge" software to help users over the hump (Classic to support pre-X apps, Rosetta to run pre-Intel binaries).

Unfortunately, it doesn't look to me like this is where Vista is going. Instead, Vista looks to me to be a complete rewrite that includes tacking on huge amounts of old junk to keep everyone's old apps happy WITHOUT need for a compatibility-mode environment.

Makes me very nervous that we are facing an even more bloated OS with lots of baggage from previous versions thrown in. As a sysadmin, I sure hope I'm wrong...

How much in lost revenue ..

How much in lost revenue is all this Microsoft Patching costing the real economy?

Re:How much in lost revenue ..

[muhgcee]

I would guess that it is the security vulnerabilities that are the real cost, not the patches.

Re:How much in lost revenue ..

[Trigun]

Ever patch a system and have some core services not work after?

The patches cause downtime as well.

Re:How much in lost revenue ..

[muhgcee]

Yes, I have. But the wording on the original comment made it sound like if Microsoft just didn't patch the vulnerabilities, it would save us all a lot of money.

Re:How much in lost revenue ..

[plague3106]

Yes, I've installed exactly one patch that messed something up. It wasn't for server though, it was for WinXP. And it messed up something with ASP.Net. It took a bit of time, but I eventually found how to fix ASP.Net.

As a final note, I'd like to add in that of the 25 developers all running the same OS and hardware, there were only two of us that had this problem.

Re:How much in lost revenue ..

Probably not as much as you think - my employers spend more each year ensuring our carfleet is legal and safe to be on the road than they do on the entire IT budget, and yet both resources are vital to the companies wellbeing. No unpaid overtime or overruns here tho.

Re:How much in lost revenue ..

[norman619]

Do you really think it would be any different had some other OS become the #1 OS? Highly unlikely. Had Linux, Mac OS, or anything else become as widely used as Windows is today guess what? We'd still be going through this. There is no such thing as bulletproof code. HAckers and crackers will always find flaws to exploit and the code owners will always be playing catch up. Your post sounds like just another bitter person sticking it to MS cuz they can.

Re:How much in lost revenue ..

Wow, that's never been said before. Try pulling your head out of your ass and post again.

The majority of servers, you know, the ones on those REALLY FAST connections, are running *NIX. You're telling us those aren't a target?

Re:How much in lost revenue ..

[Surt]

How much in lost revenue is all this Microsoft Patching costing the real economy?

And perhaps more interesting:
How much more would it cost not to patch?

How much more would it cost to patch a comparable number of linux installations.

Re:How much in lost revenue ..

[naelurec]

Do you really think it would be any different had some other OS become the #1 OS?

Yes.

1. Other operating systems have a user security model that works. WinXP is still very difficult to maintain regular (non-admin) users. There is a LOT of workarounds that are required to make it function correctly (I think MS engineers call these "shims") due to application developers not testing for this scenario, unlike other systems (Mac OS and *NIX demand it).

2. This model has been utilized by *nix systems for over 30 years. While security issues have been found, they have largely been eliminated and it is infrequent to find escalation issues.

3. *nix systems are inherently very modular and consistent throughout. As a result, it is much easier to roll out a patch and rollback if necessary compared to Windows. Furthermore, given this architecture and well established APIs, it is easier and quicker to test patches and release them (not to mention provide competent admins actual source code access to understand the changes made -- let it be at the distribution level, corporate or organizational level).

4. *nix has a long history of being used in untrusted, multi-user settings (servers, thin clients, terminals, universities, banks, you name it..). Windows inherently *trusts* the user .. *sarcasm on* I think Bill Gates called this "Trustworthy Computing" .. just trust everyone will do the right thing *sarcasm off* ..

Windows/DOS from the beginning has assumed a single, trusted user. It wasn't until NT came around that a true security model was inplace, but even that didn't take to the mainstream until XP arrived in 2001. Even with the release of XP and the possibility of enhanced security (underprivleged users), Microsoft elected to favor backwards compatibility/ease of use and defauled to Administrative level access for all users instead of enforcing underprivleged users and slapping application developers upside the head to write good code (Though in the 3rd party's defense, even Windows XP has some issues with the entire underprileged user configuration..).

5. So now we are on the verge of "Vista" .. while they are claiming a better security model, it appears that much of the legacy Windows apps are not functioning properly (even inside of Vista) -- ie the multiple steps required to remove an "all users" desktop icon.

Anyways.. thats my take. Sure, any operating system *could* be run in such a way where a user can load up malicious code and undoubtedly, there will be bugs in the source code (it is written by humans after all..) --- however, given the initial focus on Unix to be utilized on untrusted networks in a multi-user environment and the fact they have had over 30 years to fine tune the code, make the code modular and it is still very prominent today (it was done right the first time) makes me think it is a valid, time tested model.

Compare this to the Microsoft model where every few years they have the "bet the company" on a new model.. its apparent to me that they simply are not building a model that is solid. Over the past 20 years, they have released what I consider 5 distinct versions of Windows (Windows 1, Windows 2, Windows 3, Windows 95, Windows NT) -- all with major fundamental changes in how they function. Windows Vista could very well be the sixth version (Atleast it *should* have been.. but with all the feature cut, it might not be..). This is compared to *nix where a lot of fundamental philosophies and tools very much date back over 30 years.

Re:How much in lost revenue ..

[Gumph]

yes, too many, too often - patching windows is a little bit like playing russian roulette with the server in the place of your head!

and don't anyone give me that 'you should test first, before applying any patch' garbage, come and give me another administrator for free plus a big ass server to run all the virtual images we would need to test all the different configs on and then I'll test!

Re:How much in lost revenue ..

[drinkypoo]

Just remember to count the majority of your application patches against the windows update time, too. With Linux, most of the applications I use are managed by the distribution and updated automatically for me, instead of having nine update managers running all the time when I'm running programs, or at each program start. (Adobe Reader, Sun Java, the Windows update system, Firefox does its own updates, Macromedia products all check for updates, et cetera.)

Re:How much in lost revenue ..

[drsmithy]

This is compared to *nix where a lot of fundamental philosophies and tools very much date back over 30 years.

Personally, I think it would be hilarious to put one of today's average unix users (ie: Linux brats) on to a thirty year old unix system. Heck, even just sitting them down in front of an early- mid-90s commercial unix would be quite entertaining.

The suggestion that the world would be (markedly) different if some other OS was #1 is silly to begin with, but trying to say that all the other OSes around today would be exactly the same if they had spent the last twenty years in the same position as DOS and Windows beggars belief.

90% of the "problems" in Windows (both perceived and actual) are because of the end users (which includes developers, in this context). If the user demographic was substantially different, the OS would be as well. This applies equally to unix - if you think unix would be the same today if it were on 95% of end user PCs, you're delusional. Similarly, if you think it subsequently wouldn't be suffering from the same "problems".

Re:How much in lost revenue ..

[naelurec]

Personally, I think it would be hilarious to put one of today's average unix users (ie: Linux brats) on to a thirty year old unix system. Heck, even just sitting them down in front of an early- mid-90s commercial unix would be quite entertaining.

To believe what I wrote implied that there have not been any advancement on *nix over 30 years (or even 10 years) is stupid. There are many commands and tools that are very much in use today that would be found on either of those systems. I was more inferring that many of the core philophosies (file system permissions, file hierarchy, help systems, shells, everything is a file, logging, multi-user capability, etc..) while perhaps improved, have not have to be junked and rebuilt (as with Windows). Even with NT to Windows 2003 (10 year span, same core kernel architecture), there are very marked differences in how day-to-day administration tasks are handled. With *nix, I find knowledge builds on itself and is not necessary "obsolete" nearly as often as in Windows.

90% of the "problems" in Windows (both perceived and actual) are because of the end users (which includes developers, in this context). If the user demographic was substantially different, the OS would be as well. This applies equally to unix - if you think unix would be the same today if it were on 95% of end user PCs, you're delusional. Similarly, if you think it subsequently wouldn't be suffering from the same "problems".

Obviously, this is purely hypothetical. It could very well be if Microsoft did not exist, the market would have been divided among multiple operating systems.. Perhaps without a dominate player, it would have fostered much more competition, a higher priority to write platform agnostic code and development tools that fostered cross platform development. Perhaps because of this, computing hardware would have been more expensive and as a result, things such as thin clients and server-centric computing would have prevailed. There is no way to know. As a result, it VERY WELL COULD BE that the demographic *COULD* be substantially different. It could very well be that network centric computing could have prevailed and as a result, networks were maintained by professional system administrators and their expertise in knowing all the pros/cons of various software solutions would have played a much bigger role in corporate technology meetings resulting in glossy sales pitches from inferior software vendors being dismissed.

The bottom line is Microsoft is a marketing company. It is not a company that prides itself on building superior technical solutions. Microsoft has been very successful because it was able to market itself better than the competition and was willing to engage in business practices that other companies may have felt were unethical or illegal. Many times throughout Microsoft's history, the marketing of a product determined feature sets and release dates. Microsoft understood early on that it was not a matter of building a great product but a product that was good enough that people would buy. As a result, a lot of fundamental functions found in other systems were absent or minimally developed in Windows. Check out Vista for example -- development on a flashy new interface took presidence over fundamental archtecture that would have made Vista technically superior (but harder to sell). A technology driven company would have put preference on the technically superior solution and side-lined the flashy graphics.. Microsoft being a marketing company has done and is doing the exact opposite.

Re:How much in lost revenue ..

[drsmithy]

To believe what I wrote implied that there have not been any advancement on *nix over 30 years (or even 10 years) is stupid. There are many commands and tools that are very much in use today that would be found on either of those systems.

That wasn't what I meant. Unixes have changed a lot in the last 30 - hell, even the last 10 - years. Many of those "same" commands on older systems will not behave in the same way. Many tools you are probably used to on a modern unix system (like bash) didn't exist.

Windows has certainly change _more_, but that's to be expected from a platform that's only 10 - 15 years old, vs 30. The claim that Windows is *always changing* is, IMHO, greatly exaggerated.

It could very well be that network centric computing could have prevailed and as a result, networks were maintained by professional system administrators and their expertise in knowing all the pros/cons of various software solutions would have played a much bigger role in corporate technology meetings resulting in glossy sales pitches from inferior software vendors being dismissed.

I would argue such an outcome is incompatible with the prevalence of computing in the modern world. It's an inherently slow-growth scenario.

The bottom line is Microsoft is a marketing company. It is not a company that prides itself on building superior technical solutions.

Interesting you say that, because my observations (and interactions) with pretty much everyone involved with Microsoft is that they *do* pride themselves on building "superior technical solutions" - within the constraints they have to work with.

I'm guessing the problem here is different definitions of "superior technical solutions" - and yours doesn't allow operating within the constraints of an existing system.

Check out Vista for example -- development on a flashy new interface took presidence over fundamental archtecture that would have made Vista technically superior (but harder to sell).

Ignoring that Vista has *substantial* (relatively speaking) "under the hood" modifications and improvements, there's not a lot about the "fundamental architecture" of NT that _needed_ changing. It's the technical equal of - and in many cases superior to - its contemporaries.

I'll also point out that for 90% of users, the UI is one of the most important aspects of an Operating System. Particularly when the underlying core is already quite solid, there really isn't anywhere else where significant improvements are noticable or justified.

A technology driven company would have put preference on the technically superior solution and side-lined the flashy graphics.

What is your example of such a "technology driven company" ? What would the "technically superior" solution have been ?

Re:How much in lost revenue ..

[naelurec]

Windows has certainly change _more_, but that's to be expected from a platform that's only 10 - 15 years old, vs 30. The claim that Windows is *always changing* is, IMHO, greatly exaggerated.

Ignoring that Vista has *substantial* (relatively speaking) "under the hood" modifications and improvements, there's not a lot about the "fundamental architecture" of NT that _needed_ changing. It's the technical equal of - and in many cases superior to - its contemporaries.

So what is it? Is it always changing (release to release) or is it not? Seems like you want it both ways. I think a big difference is with *nix, administrative tasks tend to happen much closer to the core than in Windows which seems much more abstracted. Its this abstraction that tends to change frequently in Windows. The fact that this continues to change and depreciates old methods of accomplishing tasks is generally indicitive of a lower quality solution.

I would argue such an outcome is incompatible with the prevalence of computing in the modern world. It's an inherently slow-growth scenario.

Perhaps the technology leaders have had more impact on the modern world than you give credit. Perhaps if Microsoft wasn't around, the original IBM PC would have flopped, upstart manufacturers (ie Compaq) would have continued the trend of building an operating system/apps for the hardware and the use of computers would have grown much slower. IBM gave creditbility to the concept of a PC for business use. It could have flopped and they could have easily axed the project for several years (or longer). It is very possible that many clone startups simply would not have been launched (no business market .. just a hobbiest market) and the other key player, Apple, would have maintained their higher-end machines (ie Lisa).

Interesting you say that, because my observations (and interactions) with pretty much everyone involved with Microsoft is that they *do* pride themselves on building "superior technical solutions" - within the constraints they have to work with.

I find that last part of your comment very interesting. I do agree that Microsoft does have perhaps some of the most brilliant people in the industry working for them. What are these constraints you are referring to? The marketing side of Microsoft? The structured, business centric management style (versus the free flowing, creative style of innovative technical companies)? The constraints of building software to satisfy both short-term and long-term shareholder wealth? I tend to believe that super technical solutions and feature complete designs do not bode well for long-term shareholder wealth.

I'll also point out that for 90% of users, the UI is one of the most important aspects of an Operating System. Particularly when the underlying core is already quite solid, there really isn't anywhere else where significant improvements are noticable or justified.

Are we referring to desktop Linux or Windows?? I'll agree, the Linux core is quite solid .. perhaps a few more GUI config tools might be nice but I think largely the UI is quite impressive (Both the CLI and GUI). As far as Windows, you just said there were "*substantial* (relatively speaking) "under the hood" modifications and improvements". Wasn't it just 5 years ago that Microsoft was announcing "*substantial* "under the hood" modifications and improvements" when it released Windows XP as an upgrade from Win98SE/Me? Seems to me that this core is not quite as solid as you think it is. The fact they have had so many issues getting their new version out on time seems that it is getting long in the tooth and not capable of meeting todays computing needs.. whereas *nix after 30+ years is still meeting the needs and filling niches.

Re:How much in lost revenue ..

[drsmithy]

So what is it? Is it always changing (release to release) or is it not? Seems like you want it both ways.

Please don't be asinine and disingenuous. Those two comments were referring to two different aspects of the OS, and you know it.

I think a big difference is with *nix, administrative tasks tend to happen much closer to the core than in Windows which seems much more abstracted.

You seem to be mistaking "GUI" for "more abstracted". A GUI is no more abstracted than a CLI (well, not in principle anyway - the proclivity of Linux developers for writing GUI wrappers around CLI tools might make some think otherwise).

Its this abstraction that tends to change frequently in Windows.

I assume you're talking about UI. The UI in Windows - particularly on the server side - has not changed markedly since Windows 2000. Certainly there is far more variance between different Linux distributions than there is between different versions of Windows. Start going across unixes and the differences pile up even more.

Just because you can run 'vi somefile' on every unix, doesn't mean adminning them is the same. Plonk someone who has never used anything except RHEL in front of a SCO Openserver machine, for example, and they'll be in for a world of hurt.

The fact that this continues to change and depreciates old methods of accomplishing tasks is generally indicitive of a lower quality

On the contrary, it's indicative of *ever improving* quality.

Just because you do everything in unix by editing text files and have been able to pretty much forever, does not make that method better. Indeed, hand-editing text files is an *atrocious* form of systems management, that sucks in just about every way imaginable. That this is still a commonly accepted method of managing unix machines is a sign of close-minded stagnation, not "higher quality".

Perhaps the technology leaders have had more impact on the modern world than you give credit.

The problem with your alternatives is that they are not conducive to the incredibly rapid growth the "PC" market underwent. In a highly diverse environment, creating and maintaining interoperability, in particular, both slows growth and limits opportunities for new, innovative ideas (so does having a monoculture - as always, the best solution is somewhere in the middle).

find that last part of your comment very interesting. I do agree that Microsoft does have perhaps some of the most brilliant people in the industry working for them. What are these constraints you are referring to? The marketing side of Microsoft? The structured, business centric management style (versus the free flowing, creative style of innovative technical companies)? The constraints of building software to satisfy both short-term and long-term shareholder wealth? I tend to believe that super technical solutions and feature complete designs do not bode well for long-term shareholder wealth.

I was referring mainly to technical constraints - although these are, at a very high level, dictated by the other requirements you mention. Legacy support is, of course, the obvious one.

Again, without an idea of what you consider "technology driven companies", it's difficult to have a discussion about it.

Are we referring to desktop Linux or Windows??

I was referring to Windows, but it applies equally to modern-day Linux distributions.

I'll agree, the Linux core is quite solid .. perhaps a few more GUI config tools might be nice but I think largely the UI is quite impressive (Both the CLI and GUI).

I cannot agree. Linux is a patchwork quilt of different tools, written by different people, to different standards, for different purposes, and it shows. There have been valiant (and ongoing) attempts to try and layer a good UI over the top of it, but they still have a lot of work to do. Even within the realms of free unixes, the BSDs - while still suffering

Re:How much in lost revenue ..

[naelurec]

While I have enjoyed this friendly banter, I believe our viewpoints and perspectives on the issue differ too much to enlighten each other.. and it is a shame to put this amount of effort into these very long posting to not atleast get some karma for our efforts. :)

Having said that, it would be discourteous of me not to respond to your lengthy reply. So here it comes..

1. As far as "more abstracted" .. It has nothing to do with the GUI, it has to do with the fact that many aspects of Windows are "off limits". I have the full source to my *nix machines and basic introductory text tend to fully explain how the entire system functions. This empowers me as an adminsitrator to quickly diagnose and correct issues. Windows troubleshooting tends to be largely curing symptoms of issues due to the fact that core problems are less easily uncovered (such as a bug in an application, I have no way to personally go in and analyze the code or have tools at my disposal to easily debug an application to find the root cause.. generaly this requires support calls and waiting around for a solution).

2. There is more commonality in different variations of *nix than differnet releases of Windows (Windows 3.x vs Windows Vista for example). While commands may different, underlying philosophies are largely the same and while it does take some time to become acquanted with a different variety of *nix, a large set of core knowledge about the system is applicable from one to the next (ie hopping between FreeBSD and RedHat or Solaris). Given that there is no equivilent in the Windows world, I think this is largely a moot point.

3. I'll agree with Linux being a patchwork... its definitely getting better, but I migrated from Linux to FreeBSD about 3 years ago and while I do like to tinker with Linux on occasion, I definitely enjoy the consistency of FreeBSD. When discussion *nix vs Windows, I tend to overlook the patchwork-esqe qualities of Linux due to my far more familiarity with FreeBSD, and for this, I am wrong.

4. When I originally started using Linux after using Windows for close to a decade, I was put off by the lack of GUI config tools.. while the situation has improved, I have found the use of these GUI interfaces to be lacking when compared to editing text based configs. I find the power to script against the configs, configuring versioning and test different configs very useful. The fact that Microsoft is developing monad and greatly enhancing its CLI interface (along with XML based configs, etc..) tend to lend creedence that perhaps configs *should* remain in the textual relam.

5. "capable of meeting todays computing needs" .. there are many areas that Windows falls short. It does not scale well either up or down. Microsoft had to release the WinCE which besides having the Windows name and being developed by Microsoft is a completely separate code base. Linux has been scaled to work on cell phones, PDAs, set-top boxes (Tivo), embedded applications, networking boxes (ie Linksys Routers) and so forth. Even at the high end, Linux has been scaled to work on the fastest of the supercomputers. It has proven itself as a capable server system at a variety of levels. Besides perhaps a lack of 3rd party support, it is even a very respectable desktop OS that continues to gain traction and marketshare. Linux and BSD's are able to run on a variety of hardware platforms and CPUs. It is generally one of the first operating systems to be ported to a new platform. Take a look at how long 64-bit Windows took to debut. This is what I am talking about. Staying with Windows limits your choice in hardware and your choice in how to deploy your technical solution. While it may work adequately for tasks Microsoft has deemed within its focus, it has not proven to scale well outside of that realm.

Perhaps after typing all of this, looking back, everything is largely "market driven" and perhaps not "technically better" (in a very broad sense). Ultimately the issue en

Re:How much in lost revenue ..

[drsmithy]

1. As far as "more abstracted" .. It has nothing to do with the GUI, it has to do with the fact that many aspects of Windows are "off limits". I have the full source to my *nix machines and basic introductory text tend to fully explain how the entire system functions. This empowers me as an adminsitrator to quickly diagnose and correct issues. Windows troubleshooting tends to be largely curing symptoms of issues due to the fact that core problems are less easily uncovered (such as a bug in an application, I have no way to personally go in and analyze the code or have tools at my disposal to easily debug an application to find the root cause.. generaly this requires support calls and waiting around for a solution).

While you certainly don't get the Windows source as a matter of course, the documentation - if you can be bothered to look (and, I'll agree, most cannot) - is quite comprehensive. I think your comment regarding "abstraction" is misguided, because I don't know any other unix admins who consider looking at the source code to their OS as a normal part of their system maintenance. I know *I* certainly wouldn't and would consider even the suggestion that it be considered "normal" or "recommended" to be a serious flaw in the platform. Most unix users - even admins - are using "user friendly" (for unix) tools that are really no different to the GUI tools in Windows. Just 'cause you type it and don't click on it, doesn't mean you're running any closer to the bare metal ;).

2. There is more commonality in different variations of *nix than differnet releases of Windows (Windows 3.x vs Windows Vista for example).

This comparison is ridiculous. Even ignoring that Windows 3.1 is ca. 1991 and Vista will be ca. 2007, they are *completely* different OSes. It's impressive they have anything in common at all.

While commands may different, underlying philosophies are largely the same and while it does take some time to become acquanted with a different variety of *nix, a large set of core knowledge about the system is applicable from one to the next (ie hopping between FreeBSD and RedHat or Solaris).

This is silly. There are a similar set of "philosophies" - if you can call them that - that flow through the various versions of Windows as well. Menus, GUI concepts (eg: Control Panel), etc. Sure, the exact implementations differ between the different releases, but the basic principles are all the same (with the concession of measuring from the introduction of Windows 9x, not 3.x).

3. I'll agree with Linux being a patchwork...

It's not just Linux (although it is, by far, the worst offender). The whole unix community is *full* of "solutions" that are ugly messes of hacked together, poorly documented components that only barely work well together, mostly due to luck and brute-force coding, rather than specification and design.

For example, this morning I spent several hours trying to do rolling "upgrades" of some of our ha-linux clusters. It took several hours because I discovered what appeared to be incompatibilities between various minor revisions of the heartbeat software and also problems compiling more recent versions of it on some machines. The documentation wasn't particularly help and neither were the mailing list archives (for a change).

Now, I'll be the first to admit I was being a bit cowboyish by not duplicating the existing infrastructure onto dev servers and simulating the upgrade process first, but it was a minor point update, for gawd's sake...

What *really* magnifies my frustration factor is that the Open Source world is *rife* with these sorts of "solutions" that regularly takes processes touted as quick, easy and painless (as they should be) and turns them into day-long marathons involving mailing list searches, CVS code patches (or, even better, the "mailing list post patch"), specific compiler versions and dependency hell.

4. When I originally started using

Re:How much in lost revenue ..

[naelurec]

While you certainly don't get the Windows source as a matter of course, the documentation - if you can be bothered to look (and, I'll agree, most cannot) - is quite comprehensive.

Can you recommend some reading? I have a myriad of books on NT, 2000, XP and Windows 2003 Server (yes I do admin these systems) but even after reading extensive documentation, I still very much feel like there is a black box level that is inhibiting me from truly groking the system. Do realize that I have used Windows for far longer (~16 years) than *nix (about 6.5 years).

because I don't know any other unix admins who consider looking at the source code to their OS as a normal part of their system maintenance.

It is useful. There have been many times I have found having access to source code to be quite useful in adding a feature here, adjusting a database, etc..etc.. Even checking out diffs for updates can be enlightening -- espeically (As you have mentioned) when stuff goes wrong. As mentioned, with Windows you are stuck with relying on others (generally phone support to someone who doesn't care) to resolve even very simple issues.

serious flaw in the platform

Obviously a difference of opinion. Having the option to dig down, debug and fix issues in the field is very powerful. While I don't have to do it often, when the need arises, it is really great to truly understand why an issue happens versus largely guessing, reinstalling or otherwise waiting for a support person to attempt to recreate the scenario and develop a solution. Sure, not all administrators have the skill set to do these things, but its nice not to be limited when the need arises.

I was being a bit cowboyish

Indeed. I'm guessing these were fairly critical servers to be having a cluster/HA config. Thats one of the features of Linux .. you can get into that bleeding edge software (CVS code patches?!?) and end up finding yourself part of the development cycle. I really don't think thats a recommend approach for managing production level servers -- especially without testing on a dev server first. Seems like an enterprise grade distribution and only using approved updates would have been a smarter thing to do.. even if it is using a freebie version (ie CentOS). Besides, once you got in over your head, you should have rolled back the system (you did save a copy of the old package/source tree.. yes?).

The capabilities in such a system for security, auditing, concurrent access, consistency and automated backup/revision control - to name a few - are primitive at best.

Throw it into a revision control system and your off and running. Pretty standard stuff.. I'm curious, talking about concurrent access, consistency, revision control, versioning, etc.. how are these things handled in a Windows environment? Things like active directory/group policy are great for centralization, but I've haven't really seen where I can get revision/version control .. granted, the Windows networks I help maintain are relatively small (under 100 client systems, one or two servers) so administrative access is largely restricted, but to understand config changes over time would be useful.

error-prone humans are continually forced to do work that computers can do faster, more reliably and more accurately.

*shrug* I dunno.. Even when setting up Mac OS X servers which do have a lot of semi-decent GUI tools (or even Webmin which does a good job for gui based configuration) I still found myself regularly editing configs directly due to the fact the GUI was lacking in fully exploiting the configuration capacity of an application. The Windows method has largely been to develop overly complex options/customization dialogs with tiers of tabs and hundreds of check boxes, pull downs and other widgets.. I guess after a while, I find doing a text

Re:How much in lost revenue ..

[drsmithy]

(Sorry for the slow response).

Can you recommend some reading? I have a myriad of books on NT, 2000, XP and Windows 2003 Server (yes I do admin these systems) but even after reading extensive documentation, I still very much feel like there is a black box level that is inhibiting me from truly groking the system. Do realize that I have used Windows for far longer (~16 years) than *nix (about 6.5 years).

Not really. If you've trundled through numerous publications like "Inside Windows NT", along with MSDN and websites like sysinternals.com, there's not really much left short of getting a job at Microsoft ;).

Windows is always going to fundamentally be a black box - I don't dispute that. What I do argue is that a) the average unix system is just as much a black box to the average unix administrator, even the more old-skool ones; and b) this doesn't have a meaningfully negative impact in the real world.

IMHO, adding users by running 'adduser blah' or even by manually editing /etc/passwd and friends is not meaningfully less abstracted than clicking "Add User" in Windows.

Obviously a difference of opinion. Having the option to dig down, debug and fix issues in the field is very powerful. While I don't have to do it often, when the need arises, it is really great to truly understand why an issue happens versus largely guessing, reinstalling or otherwise waiting for a support person to attempt to recreate the scenario and develop a solution. Sure, not all administrators have the skill set to do these things, but its nice not to be limited when the need arises.

I don't disagree it's powerful, I just think if it's something that is relied on, it is a flaw in the platform and leads to more problems than benefits.

I *should* be able to treat the machine as a black box, as should my users. Outside of exceptionally extraordinary circumstances (which as a non-specialised professional, I would not feel ashamed at being unable to address), intricate knowledge of system internals should not be necessary.

I can program competently, and have in the past. However, I certainly don't have the natural coding talent to grok the complex, non-trivial pieces of software in any sort of reasonable timeframe. Nor do I have the time, or - quite frankly - the inclination to spend doing so to fix something that shouldn't have broken in the first place.

Access to the source code is certainly a nice bonus, but I seriously question its usefulness for the vast majority of cases.

Basically, my position boils down to this: the more time I have to spend worrying about, learning about and dealing with, intricacies and technical details of a platform, the less time I have to be *using* that platform to provide faster, more reliable and more featureful services to my end users. Computers aren't hobbiest toys any more. It is no longer acceptable for the high priests of technology to have the only keys that unlock the productivity gains and lifestyle improvements computers offer. Modern platforms are simply too big and complex to expect more than a handful of people *anywhere* to be able to fully understand every aspect of them, and people shouldn't have to just so they can use them (and, yes, us sysadmins are users as well).

I live for the day when systems administrators will be anachronistic relics of the past - when computer errors only happen when the hardware is broken. Realisticall, I doubt that day will ever come, but I consider it the goal we should be striving for.

Indeed. I'm guessing these were fairly critical servers to be having a cluster/HA config. Thats one of the features of Linux .. you can get into that bleeding edge software (CVS code patches?!?) and end up finding yourself part of the development cycle. I really don't think thats a recommend approach for managing production level servers -- especially without testing on a dev server first.

Well, these weren't exactly

Re:How much in lost revenue ..

[naelurec]

Obviously it sounds like we both find value in both systems (we are using both.. though it sounds like I lean slightly more heavily toward the *nix usage).

IMHO, adding users by running 'adduser blah' or even by manually editing /etc/passwd and friends is not meaningfully less abstracted than clicking "Add User" in Windows.

It is very clear how the system functions in *nix. When reading books on system administration regarding *nix, it does go into detail on boot process, configurations, how tools/applications interact with one another, etc.. Couple this with generally very good verbose output (either to the console or the syslog), it is very easy to pin-point problems when they exist. As a result, I feel more confident in resolving an issue due to this openness compared to Windows (which troubleshooting tends to take the form of running various 3rd party tools or diagnosing vague error messages or symptoms). While I think abstraction level is a good term for this, perhaps I am mistaken.

Windows is always going to fundamentally be a black box - I don't dispute that. What I do argue is that a) the average unix system is just as much a black box to the average unix administrator, even the more old-skool ones; and b) this doesn't have a meaningfully negative impact in the real world.

#1 Windows is a blackbox -- limits capability. #2 open source *nix is not. It has a meaningful impact on the real world. Open source *nix runs on more hardware. It fosters "3rd party" development throughout the entire scope of the system. It allows scaling and fine-tuning that is not possible in Windows (which I might add in certain circumstances has provided a huge performance boost). Openness and open standards are the fundamental underpinnings of the Internet, sites like google (given the sheer amount of low-level tweaks Google has made to Linux, I *highly* doubt Windows could have provided a platform for them to build their empire) and even new "killer apps" such as Asterisk and all it provides (Which btw is a GREAT example of openness vs traditional blackbox pbx implimentations). I think it has meaningful impact.

Well, there's little you can do about broken software on any platform. Unfortunately Windows has suffered a plague of the stuff, largely (IMHO) due to the unmatched low barrier to entry into developing for the platform.

Unmatched? A person can download Linux for free, boot it up on a computer for free and get a full suite of software development tools, for free. They can develop graphical apps (GTK or QT), standard C/C++ apps, web apps, database apps .. all for free. I can take any of this software developed for Linux, FreeBSD, whatever and package it up in a manner that can be distributed to hundreds of thousands of systems in a consistent, reproducable method. Look at FreeBSD .. I can install over 14,000 apps using "make install".. create a custom binary package and push it out to hundreds of systems with a full method of reporting if the update failed/etc. I don't BUY that it is due to the "low barrier of entry". It truly is aggervating. I guess Windows has much more broken software as there is VERY FEW apps that I can throw into a group policy and distribute without issues (oddly, most are open source packages such as PDFCreator.. funny).

Another problem with Windows, being more designed and coherent rather than evolved and fragmented like Unix is/was, it tends to rely on a similarly "designed" and "coherent" infrastructure to work well. If you don't have - and can't provide - that, you're probably never going to get it working at its peak potential.

Give me a break. The only reason why it gets its "peak potential" is due to Microsoft's reluctance to open up its protocols and APIs. period. It has nothing to do with the design. Microsoft breaks compatiability consistently.

Vista is the bigger patch.

[Tei]

But vista will not be release this year :D

Re:Vista is the bigger patch.

[ST47]

thats the point. by the end of the year, XP will not be fixed :)

Get your facts straight...

[Phil+John]

...genuine advantage failure doesn't mean unpatched windows. Security updates will still be downloaded if you select "automatic updates", you just can't download nice addons like windows defender, media player etc.

Re:Get your facts straight...

Correct, but it does mean you have to wait for the auto updates tool to do its thang, which in my experience isn't always when you tell it to. You aren't able to simply open windows update in your web browser and apply the critical updates from there.

Re:Get your facts straight...

you just can't download nice addons like windows defender, media player etc.

Cool, how do I get WGA to fail? And will it get rid of IE and Messenger too?

Re:Get your facts straight...

And that's not even true, really, since anyone with a pirated copy of XP knows that it's easy enough to install those things without Microsoft's approval.

Nice try!

Re:Get your facts straight...

[telchine]

"Security updates will still be downloaded if you select "automatic updates", you just can't download nice addons like windows defender"

You don't class windows defender a security update?

From Microsoft...

"Windows Defender is a free program that helps protect your computer against [...] security threats"

Come on admit it, you thought Windows Defender was Microsoft's version of the popular 1980's arcade game didn't you?

Re:Get your facts straight...

[Svet-Am]

funny as that is, Microsoft doesn't classify it as a security update. They classify it as an 'extra' download because it's a standalone app instead of being some kind of patch inside Windows proper.

Re:Get your facts straight...

[clydemaxwell]

I could be wrong, but won't "wuauclt.exe /detectnow" do that for you?

Re:Get your facts straight...

[telchine]

My favourite bit of Windows Defender is this in the FAQ: When Windows Defender (Beta 2) detects potentially unwanted software, it shows you how customers who participate in the opt-in network voted to classify the software. This helps provide you with more information even before Microsoft analysts evaluate the software. So loads of Windows users who haven't got a clue start pressing "yes" to everything, and the rest start following! It's the blind leading the blind. I have visions of lots of Windows Lemmings following each other off a cliff.

Re:Get your facts straight...

[jacksonj04]

It's opt-in only. If you haven't explicitly said "I want to help classify things" then all you get is the signatures. Plus, afaik, the 'community' signatures only stop the software from running (And provide a user prompt, which doesn't feed back to the network). It needs an MS analyst signature to confirm it as spyware and automatically nuke it.

Re:Get your facts straight...

[Dunbal]

I have visions of lots of Windows Lemmings following each other off a cliff.

      Why is this a bad thing, exactly?

Re:Get your facts straight...

you just can't download nice addons like windows defender, media player etc.

Dammit! Now the aliens will take all my humanoids and turn them into mutants!

Re:Get your facts straight...

[kimvette]

kim@kimp4:~> wuauclt.exe /detectnow
bash: wuauclt.exe: command not found
kim@kimp4:~>

Damn it, that just won't work for me!

Re:Get your facts straight...

[An+ominous+Cow+art]

> Come on admit it, you thought Windows Defender was Microsoft's version of the popular 1980's arcade game didn't you?

Somehow, I don't see Microsoft coming up with a working Smart Bomb. (Unless its version destroyed not only all enemies on the screen, but all humanoids as well).

Re:Get your facts straight...

[drinkypoo]

Windows Defender isn't a "nice addon", it's an absolute necessity given that Windows' security model is utterly broken. Well, granted, you can run Spybot S&D with the settings protection.

Re:Get your facts straight...

www.ubuntu.com ;)

Re:Get your facts straight...

You forgot to boot into that Windows install you're forced to use...

Re:Get your facts straight...

YES it does! no more updates.

the 1 concession according to MS is that it will allow win to continue to run despite being not valid.

they are shooting themselves in the foot with this policy

Re:Get your facts straight...

[Lord+Kano]

Won't WGA updates download automatically if Automatic Updates are turned on?

LK

ActiveX

[Jaruzel]

The bigger problem here is that this update enforces the ActiveX patch that was released a while back, y'know the one that causes inline ActiveX controls to not fire up, but to display that 'Click Here to Active This Control' message instead.

Not a major problem out on the Internet, but many Corporates have internal web apps where this patch is going to screw things up royally.

-Jar.

Re:ActiveX

[bheer]

Not a major problem out on the Internet, but many Corporates have internal web apps where this patch is going to screw things up royally.

IIRC, the workaround is to make sure your [object] tag is written out using (Java|VB)script. If you visit macromedia.com they use this technique and have a tutorial about it written up. And to be fair, MSDN's been letting developers know about this for ages.

Re:ActiveX

[Jaruzel]

Yes, very true. However the Internal Web Services team, are rarely the Desktop Updates Team, and in my experience (15 years in Financial IT) the two never talk. Also a lot of web apps are 'off the shelf' and the people that maintain them internally don't have the skills to rejigg the HTML - and also may not be aware that the vendor has or hasn't provided a workaround patch.

Either way, this patch release _must_ be managed correctly within the corporate IT space.

-Jar.

Re:ActiveX

[Pirogoeth]

Here's the page to which you probably were referring.

Microsoft has a tutorial on their MSDN site which discusses this as well.

Re:ActiveX

[plebeian]

A simple update to the default domain policy on all of your domains can head off any complications caused by this update. Any corporate IT department worth spit should be testing these updates before implementing them and will have dealt with this supposed problem in advance. I would be willing to bet that the people complaining about the release of patches are the same ones who complain about the lack of security in MS solutions.

Re:ActiveX

[Frankie70]

The bigger problem here is that this update enforces the ActiveX patch that was released a while back, y'know the one that causes inline ActiveX controls to not fire up, but to display that 'Click Here to Active This Control' message instead.

Not a major problem out on the Internet, but many Corporates have internal web apps where this patch is going to screw things up royally.


The fix is trivial

Takes a minute to implement.

Re:ActiveX

[Tim+C]

So, you click the control, and it works. I'm not sure I see the "royal screw up" to be honest.

Re:ActiveX

A quick fix is to buy this: http://objectfixer.com/ (no, I don't own it, nor do I make anything off the sale, I just happened to have used it with great success.)

Re:ActiveX

[gaspyy]

Macromedia/Adobe have two in-depth solutions for this. At least one of the works for any ActiveX.

There's also plenty of information on MSDN.

The same message.

[Jakob777]

Hasent every one this year (security update) been the most important update to date. They seem to be repeating themselves alot.... maybe we can expect XPse soon.....oohh wait they call that service pack now.

Re:The same message.

[Peldor]

Of course the latest security patch is the most important ever. It's the one you don't have!

You already have the previous patches. Once installed, it's unimportant how critical the original problem was (assuming the patch works).

Not having this patch is critical. Having it is benign. Just like all the others.

Re:The same message.

[jrumney]

I seem to get a Critical Security Update to Windows Genuine Advantage tool every week lately. Its a wonder Microsoft haven't given up and started uninstalling this useless peice of software if it has so many critical security problems.

Clarification

[BrynM]

From TFA:

Microsoft had to re-engineer Internet Explorer to stop a technology known as ActiveX automatically starting when users visit some websites. MS may have done this as a result of the Eolas suit, but the rest of us can consider it a security patch ;)

Re:Clarification

[bheer]

Microsoft had to re-engineer Internet Explorer to stop a technology known as ActiveX automatically starting when users visit some websites.

Huh? Flash would be out of business then. What the post-Eolas IE actually does is prevents the user from interacting with the ActiveX control until 'activated' with a click. (The control's running fine meanwhile, which means it can also be a security risk.) Also, this applies to controls put on pages with an honest-to-gosh [object] tag. If you write your [object] tag dynamically, say via Javascript, users can interact with your object without activating it first.

Re:Clarification

[BrynM]

What the post-Eolas IE actually does is prevents the user from interacting with the ActiveX control until 'activated' with a click. (The control's running fine meanwhile, which means it can also be a security risk.)

Ahhhh, then we can just consider it security Vista style being rolled out early. (thanks for the objet tag info BTW)

Re:Clarification

[GeffDE]

People talk about slashdot dupes but normally they're talking about articles. However, I swear that I saw the parent and grandparent posts when the article about the decision in the Eolas suit came out.

Re:Clarification

You haven't happened to see any black black cats lately, have you?

Strange Days

You know, a year or two ago the Windows virus/spyware situation was so bad that there was not a single person I knew who had a Microsoft machine didn't have catastrophic failures of their systems. Things have changed and they have changed dramatically since then. Every single one of the people I know who use Windows have switched to Firefox and I believe everyone is running the latest service pack for XP.

I can't think of any of them that have had any sort of virus or spyware disaster in months. It use to be there wasn't a week that I couldn't get ahold of one of these Windows users due to their email being out of action due to some virus they got from clicking on something nasty or whatever the hell Windows users do to get infected with the stuff.

And now with Linux and Windows getting GPU accelerated desktops - been using the latest Ubuntu with the desktop GPU stuff and it is sweet - I have to wonder if this is why we are seeing Apple's marketshare not only not growing but declining slightly over the past couple of quarters.

A year ago I was hearing cries of "I've had it with Windows! I'm getting a Mac!" or "I'm wiping Windows and installing Linux!" Those cries are gone.

Apple has the nicest looking desktop and the most refined feel, but I have to say Microsoft has finally gotten their shit together and I have to wonder if Apple is going to just fade away and go concentrate on iPods and the like.

(Oh yeah, golf clap for you fuckups in Redmond for taking a decade to fix your crappy code)

Re:Strange Days

[Ubergrendle]

"I can't think of any of them that have had any sort of virus or spyware disaster in months."

If that isn't an epic example of foreshadowing, I don't know what is.

foreshadow: To present an indication or a suggestion of beforehand; presage. ex. see Slasdot post by Anonymous Coward, Tuesday June 13, @08:57AM

Re:Strange Days

[ledow]

I work in tech support for six different schools and dozens of people for whom I do private jobs.

Your comment is just not true. I get calls EVERY week with someone wanting me to clean their computers (all of them XPSP2 at least). The problem is that the first thing that sort of junk does is stop Automatic Updates from working for everything from Windows to Antivirus to even targetting AdAware etc., so from then on even if the user "cleans" their machine, they aren't getting the updates they need (even though sometimes it looks like they are) and thus they are open to every future problem too (including those fixed in patches like this one).

People are still dumb, they still click, they still don't learn, no matter what it ends up costing them. Most of them are extremely casual about all this "Oh, yes, I got a virus/spyware/malware a few months back but so long as I don't do X, I don't notice", "Yeah, I've been getting these random popups for the past few months, if you have a minute could you have a look at them sometime?", etc. Personally, I'd be doing damage control the second I spotted one of these on my own personal computers but it's just tolerated by the average joe. They can literally put up with it for months.

I'm ALWAYS being told that "machines slow down when they get older", don't they? Makes sense to them but to me I'm just thinking "Yeah, only if they are slowly filling with junk". And that's how people work. They keep using it until it gets to the point of being unusable (which for people who used to run older PC's is actually totally unbearable). Then they might casually bring it up in conversation with me, not do anything for several weeks, then try to book my time to clean it up etc.

Come on, a few days ago there was a major news story about the head of Microsoft itself not being able to clean his friend's PC of spyware. I work with people who can't drag-and-drop, you really think they stand a CHANCE of even seeing that they've been infected, cleaning it themselves etc.? And with the growing spate of targetted spyware/viruses, I can't even rely on putting on a nice automated cleaning system (like Adaware/Spybot/AVG scripted to auto-update and then full scan) onto their systems.

The reason I don't hear about it any more? I raise my prices depending on how bad it seems when I hear about it. Can't get on the net at all? That's an extra £10/hour. Can't load any program? Another £10/hour. Antivirus isn't functioning properly cos something's interfering? Another £10/hour. Haven't GOT antivirus/firewall/updates? Another £10/hour.

Got up-to-date antivirus, a good firewall, an "alternative" web browser, scheduled anti-spyware, no visible signs of infection prior and somehow STILL got something nasty? (even if you accidentally clicked a link you didn't mean to, so long as you TELL me you did that) The price drops dramatically to the point where people don't say... "Uh, ok, I'll er... call you sometime." but instead say "Yes, please, if you could."

Users aren't getting educated, they're getting ignorant. They KNOW it's a virus/spyware and they choose to ignore it and continue with their work (which, incidentally, is not only usually private and confidential but usually vital to the running of the school they work for). When you're telling headteachers that X got on the system because supplier Y didn't issue an update, they just carry on regardless. They don't stop to consider what MIGHT have happened to the data (in complete breach of Data Protection laws I might add) or where it might currently be floating, even when informed.

The best customers in the world are the ones who KNOW NOTHING but ADMIT to knowing nothing and look to you for advice. They're the ones that you can TEACH how to use a computer safely. Everyone else nods along and then loads IE behind your back because they "know better" (for instance, they installed an anti-spyware thing "to keep IE safe" from a pop-up on their desktop just to give you

Re:Strange Days

"Your comment is just not true"

My comment certainly IS true.

YOU may have a different experience with the Windows machines you come into contact with.

I hate Windows with a passion that few in the computing world could ever hope to match. I personally use Linux and OS X. But the days of my Windows friends being constantly swamped by virus and spyware infections have for the most part gone away over the past six months. Certainly not as pristine a computing experience as I have with my OS X and Linux machines, but none of them ever talk about switching OSes anymore. Things could be better but life is no longer a living hell.

Re:Strange Days

foreshadow: To present an indication or a suggestion of beforehand; presage. ex. see Slasdot post by Anonymous Coward, Tuesday June 13, @08:57AM

08:57AM? I'm on BST, you insensitive clod!

Re:Strange Days

[ferrgle]

I think every IT support guy will agree. Users don't care as long as their system is still usable. The most common reply I get is "I don't use my PC for Internet banking and so have nothing to loose." I try the "If your computer is vulnerable it could be used by organised crime" But I'm not a salesman for Security, just a repair man.

Re:Strange Days

[shotfeel]

Most of them are extremely casual about all this "Oh, yes, I got a virus/spyware/malware a few months back...

What scares me is that some people seem to see this as a badge of honor, to the point of bragging about how "infected" their system is and everyone should praise their ability to slog through the mire and still get their work done.

Its like a geek bragging about having genital warts because it proves he's had sex with someone -yeah, someone with a communicable disease.

Re:Strange Days

I must say, that is the best explaination I have ever seen. I have seen the same thing, I mean someone will say they have a virus, and dont really care about it. I dont think the general population has it enough in thier head to think, hmmm, why are virus's bad. Maybe someone should make a PSA saying "Viruses are BAD" and give them a list of what they do.
Keyloggers
Create Pop-ups
Allow Remote Control
Send Passwords
Record Private information ....and so on, and so on.
I have known this since i was 12, and I am 18 now. Its rediculous. I think someone should spend some money and tell people dont be stupid.
I have messed with trojans and viruses myself...its amazing what they can do, and how ignorant people are of thier powers.

Re:Strange Days

[Neph]

Can't get on the net?
That's a paddlin'.
Can't load any program?
That's a paddlin'.
Interfering with the antivirus?
That's a paddlin'.
Not having antivirus/firewall/updates?
Oh you'd better *believe* that's a paddlin'.
</jasper>

Re:Strange Days

Everyone else nods along and then loads IE behind your back because they "know better" (for instance, they installed an anti-spyware thing "to keep IE safe" from a pop-up on their desktop just to give you one real-world example I've had).

I use three browsers (Opera/Firefox on Linux and IE/Firefox on Windows). To date, IE is the best from a performance, ease of use, and security POV - IMO! Of course, I have been using zones since the feature was introduced. The IE/zone model I liken to the user model of *nix. It is asinine that Opera and Firefox have to be patched with 3rd party apps to get this. No, I don't care if the 'average user' can't use zones - not my fucking problem. Accordingly, it is not your problem that the 'average user' can't administer a server (though it may be your job to do it for them). I have never been infected with malware using IE (except for Macromedia flash player for which an argument could be made - however tenuous - that it is not malware). As an IT person, I prefer to setup people on Firefox but as a user... blah.

Re:Strange Days

[HermanAB]

I tell my clients that I don't use Windows myself, since nobody pays me to repair my own systems all the time... That tends to make them think!

The only reason my notebook is dual booting, is to be able to support other people, so I can test out fixes, or walk through the menus of some incomprehensible program with a client. I don't actually use Windows for anything.

Re:Strange Days

[ledow]

I use three browsers (Opera/Firefox on Linux and IE/Firefox on Windows)

Why not Opera on Windows? :-) Actually, I use Opera on all platforms (primary desktop is Linux) and have IE on "standby" for stuff that demands it (erm... Windows Update basically). IE, in itself, doesn't have to be dangerous, no, but other browsers are a damn sight better at stopping anyone (casual user or expert) from doing something silly.

There were a lot of security problems that read "visit this link in IE". Think about that again... "visit a link". Not many other browsers will do more than crash or hang on the best coded page but in IE it can infect and run executable code as the user. And I'm not talking about expertly-tailored, perfectly formed buffer overruns that by a series of ever-more-complex crashes, faults and errors eventually run something but about visiting a link that then can directly execute code in the browser. I've seen several proof-of-concepts from a year or two ago that literally had a line similar to exec("c:\windows\notepad.exe") in them that perform the main damage.

Yes, I can turn EVERYTHING off on my IE and then every other site will demand I turn it back on to work, the Windows Update website will stop working etc. and I'm still not guaranteed that it'll work (most IE flaws are some sort of Zone bypass somewhere along the way). Opera, for me, has a better reputation. It doesn't do stupid things in the first place and, believe it or not, I can actually safely browse any website with the default settings so long as I keep it up-to-date (a disclaimer which, on my own personal systems, is a given anyway). It's a browser and it should not be executing code in any way - ActiveX was a damn silly concept. Opera understand this and haven't even TRIED to implement or replicate ActiveX or anything like it. It processes HTML and puts it on my screen and that's all I want a browser to do.

Most of the problems with IE come from ActiveX or the abilities that were put into the browser scripting language. Don't have those abilities present and, surprise, nobody can take advantage of them by tricking you into thinking that it's running in a different zone etc. Other things like buffer overflows in HTML parsers are rare yet Opera fixes them as soon as they appear on Secunia or similar websites. With IE, you have to wait until "mega-patch-Tuesday", if they even BOTHER to fix it.

"Microsoft Internet Explorer 6.x with all vendor patches installed and all vendor workarounds applied, is currently affected by one or more Secunia advisories rated Highly critical"

"The Secunia database currently contains 0 Secunia advisories marked as "Unpatched", which affects Opera 8.x. This is based on the most severe Secunia advisory, which is marked as "Unpatched" in the Secunia database. Go to Unpatched/Patched list below for details. Currently, 0 out of 13 Secunia advisories, are marked as "Unpatched" in the Secunia database."

That's the difference right there and it's been that way for an awful long time. And that's why I won't use IE or recommend it's use to even the most expert of people.

Re:Strange Days

[ledow]

Same here. Unfortunately the message doesn't get through and a lot of people don't even know that you can have anything non-Windows (a select few are aware of Apple Macs but only on the scale of "you can't play games on them or anything"). Computers=Windows where I work, so you tell them that you don't run Windows at home and you just get blank looks like you've said "my car doesn't have an engine or tyres". When you show them on a LiveCD, they ooh and aah but then just walk away to go click on more popups.

Re:Strange Days

Why not Opera on Windows?

It doesn't fill a niche, IMO. Both Firefox and IE run with good performance under windows. In linux & using identical hardware, Firefox seems very sluggish and not just the startup. Opera is an improvement under linux. I did try opera/windows but the Opera email client so sufficienlty ticked me off that the whole program was toasted. I may try Opera's mail under linux as Thunderbird is sufficiently poor in performance. Further, Thunderbird wants so much to send HTML emails and forward emails as ".eml" (or attachments) that it is a pain in the butt.

In fact, as a recent 'full time' linux user, my biggest gripe about linux applications is that try so much to be clones of a Windows version that they reimplement bad ideas and often do not implement the disable feature (or I have not yet learned to disable it - something Windows generally made relatively easy although that is changing). If clippy were not so universally despised, he would have been ported to Star Office. Thankfully, with more emphasis on open document formats, we are moving in the right direction.

Regarding zone exploits in IE, I am not aware of many instances where that happened (but my non-trusted zones have ActiveX disabled so it would be little concern to me if the exploit was via that route). Most exploits worked off default settings.

Yes, I can turn EVERYTHING off on my IE and then every other site will demand I turn it back on to work...

My experience is that flashy ads and spooky browser behavior gets disabled and the content remains. Opera and Firefox do not fix this 'out of the box'. That's a problem, IMO, and a hinderance to migration if you know how to admin IE. Slashdot worked best in my 'restricted' zone with everything turned off - otherwise it would crash. This was 'back in the day' and may not be true for the newer design.

The beauty of Vista

[madnuke]

No patches for me and most spyware and malware isn't compatible yet!

Re:The beauty of Vista

[42Penguins]

I ran the new beta in a virtual machine for a while... Tried to install spyware crap from some website, and it asked if I really wanted to do that. Only problem is it does that for pretty much EVERY program. Good for lusers, but frustrating if you actually know what you're doing.

Re:The beauty of Vista

[misleb]

BAD for lusers because then they get in the habit of "Just say OK." I hear Nancy Reagan is pretty upset.

-matthew

Oh

[Gr8Apes]

about $54B

Please!

[Kagura]

Don't fix it if it's not broken!

Re:Please!

[$RANDOMLUSER]

Of course it's broken, it's Windows.

Re:Please!

[kimvette]

Funny? Who the hell modded that funny?

Try Sad/Insightful. ;)

(I'm kidding, I'm kidding. Chill.)

"Mandatory" non-security update bugs me..

[d_jedi]

Fcuk Eolas. I don't want to apply that update, which will break countless websites (or, at least, render them less convenient to use)... SO SUE ME. GO, ON, YOU FCUKERS, SUE ME.

Re:"Mandatory" non-security update bugs me..

[wampus]

Wow, that was inappropriate... that should be big PERSON words.

Malacious hackers and GWA

[elrous0]

What worries me about the "Genuine Windows Advantage" thing is that it so easily allows MS to execute code on your system. I'm not worried about MS's code so much (though the idea of them quietly putting some NSA spying software on my computer without me knowing about it is disturbing enough), it's the possibility of malicious hackers figuring out an exploit--essentially giving them free reign to easily infect every Windows SP2 machine in the world with whatever software they want to.

-Eric

Re:Malacious hackers and GWA

[Orange+Crush]

And in the absence of GWA enabling Automatic Updates and blindly accepting all patches Microsoft deems "critical" [i]isn't[/i] allowing Microsoft to execute arbitrary code on your machine?

Re:Malacious hackers and GWA

[Vancorps]

Because this behavior is totally undetectable and it wouldn't cause a single issue in corporate America. You can't seriously believe what you're saying. There would be a such a backlash from this behavior if anyone ever found out that the majority of Microsoft's business would dry up in short order. I don't care how clever it is in hiding itself, anyone running Tripwire or the likes will detect the change and Microsoft would be liable especially if that computer was carrying sensitive information.

The only thing to semi-worry about is DNS hijacking and hosting of Windows Update site by a 3rd party phisher or the likes. Anything beyond that is just pure speculation about activity that cannot and will not happen. Microsoft is not all powerful.

Re:Malacious hackers and GWA

[humina]

Um... If you are running windows then what prevented Microsoft from having this feature installed from the beginning? Microsoft can always bundle that sort of thing in an update anyhow. I don't see how WGA changes things.

Re:Malacious hackers and GWA

[mmalove]

A couple things. First, everything you do on the internet, unless you are in the habit of traversing the web by numeric IP addresses, involves the DNS servers, and even if you do, involve hosting servers, and intermediate hubs. Secure your computer all you want, if the NSA is that concerned about which pr0n site you've been to lately, they'll find it. Ok, maybe they won't, but I'm convinced at this point they could. Call me paranoid.

Second, the concern about WGA's ability to execute code, and not be uninstallable, is very valid. Microsoft has repeatedly proven that it cannot produce robust, unhackable code (Windows, cough cough). And the sheer number of hacks around to disable this thing already leads me to believe that the only reason we aren't all on botnets right now is the mere good graces of the hacking community. Here's a strange idea: why not give the user of a computer the ability to choose what code gets run on his own system? I'm pretty sure it hasn't been patented yet, jump on it!! (Yes I know, that's *nix)

These anti piracy conventions make about as much sense as anti-gun laws: the principle is nice, but in the end, all you do is hurt the civilians. The pirates will still crack the OS, and the criminals will still have guns. I seriously want to see a financial statement from Microsoft showing any noticable gain in the number of licensed operating systems as a result of the advent of the "genuine advantage".

Re:Malacious hackers and GWA

[Yer+Mom]

And the sheer number of hacks around to disable this thing already leads me to believe that the only reason we aren't all on botnets right now is the mere good graces of the hacking community.

Or, you know, the fact that some of us are on Macs. Or running Linux :)

We've had a machine here at work fail WGA, even though it's a legit licence. Fortunately, the box in question is due to be turned into an IPCop box in a week or two, so no biggie.

The part that worries me is that it sets a precedent - will all sorts of other companies feel free to plaster your machine with 'you haven't paid' banners that pop up every 15 minutes now that Microsoft's done it and not been flamed to a crisp?

Re:Malacious hackers and GWA

[kimvette]

Because this behavior is totally undetectable and it wouldn't cause a single issue in corporate America.

You're not thinking like a PHB:

  - Vendor lockin - switchinng to alternatives is too much work
  - PHBs swallow FUD hook, line, and sinker, and don't realize that when microsoft advertises TCO, downtime, etc. they redefine those terms without really explaining how they define those terms
  - Swag (T-shirts, gadgets, trips to Hawaii)

Microsoft Windows is going to be locked into the corporate world for a long, long time. It may gradually lose to Linux, BSD, OS X, etc. but it will not happen overnight. First off on the Linux front, you NEED more commercial application availability ( Acrobat, Photoshop, Illustrator, Quickbooks, BETTER PIMs than kontact and Evolution, video editing apps, etc. ). Commercial apps for BSD are pretty much nonexistent. Although their explosive growth is at an end, Microsoft will be enjoying their reign for a good while longer.

Re:Malacious hackers and GWA

[Vancorps]

Last I checked updates were 100% optional on Windows. If you don't want WGA abritrarily executing MS code then don't download and install any updates that have anything to do with it.

As for corporate America which uses SMS or WSUS all updates go through an approval process first and then are authorized to be installed on clients. Sorry but when a client on my network does a DNS lookup they aren't go out to the Internet everytime. Yes the NSA can and probably does monitor anything and everything but that is a completely different conversation.

So yes, Microsoft gives the user the ability to choose what code gets run on their own system. What is your point exactly? Vista even takes this very concept even further and thanks to Eolas some of this will happen on 2k/XP as well. No more automatic ActiveX. You seem to be a little confused about what Microsoft has the power to do. Yes, technically they have the ability to do anything with their operating system but they have a huge install base with some very very large companies that pretty much dictate the changes that need to be made. Despite what you may thing changes don't occur on the whim of Mr Gates.

I agree that WGA does nothing to solve the problem of piracy but thats not its entire goal. It's goal is to educate users to show them that they bought a copy from an unscrupulous shot and that their money is not to be trusted with this entity. This happens far more often than you may thing and is where their economic statement would show the decrease in piracy. It's hard and harder these days for a small shop to pass off a copy of Windows as being validly licensed. That's the goal of WGA.

Re:Malacious hackers and GWA

[Vancorps]

Even the most clueless PHB would care that proprietary corporate information could leave their office through a Windows update. They have a nice big company they can blame for this and they have lots of lawyers that would show Microsoft it's not all powerful. Microsoft understands this and so it listens to its large corporate customers when they introduce features which could potentially devistate privacy as we know it. Microsoft will not introduce a feature unless it can be shut off and shut off via policy of domain. So I'm really not worried about WGA. All my software is legal so I don't need to crack it and updates only occur after I approve them. Running the update through tripwire is an easy way to make sure what's being changed is exactly what Microsoft says is being changed. It happens a lot that the documentation isn't complete but thats why we go through our own approval process.

Re:Malacious hackers and GWA

[mrchaotica]

Microsoft wrote and compiled your software to begin with. It already has root on your box, whether you use "Genuine Advantage" or not.

Beware of Microsoft's advice

[obender]

From TFA:

On its security blog Microsoft wrote: "We strongly recommend that those of you who are still running these older versions of Windows upgrade to a newer, more secure version

Well, I folowed their advice and upgraded from 32 bit linux to amd_64 linux. Now I have no Macromedia Flash player and there's no hourly trunk build of Firefox.

Re:Beware of Microsoft's advice

[sgt+scrub]

LOL good one!

re: 64bit - if your using gentoo net-www/netscape-flash works with firefox emerge -av netscape-flash www-client/mozilla-firefox
i don't know how close the the nightly build it is.

Re:Beware of Microsoft's advice

[fmoliveira]

You can install a 32-bit firefox, and run the flash and java plugins. Worked well with my amd64 FC5.

Re:Beware of Microsoft's advice

[paralaxcreations]

Guess that's what happens when you follow Windows advice for your Linux system.

Re:Beware of Microsoft's advice

[jZnat]

Well, there's Gnash, but that's besides the point.

Re:Beware of Microsoft's advice

[thewils]

Dude, I think the parent was referring to the fact that having no Flash is a gooood thing.

Updates? What updates?

Here I am, checking windows update from a few computers (win2k, winxp) and no updates to be found at all at 9:05 am eastern time. MBSA doesn't find anything either.

So, has microsoft redefined tuesday to mean something else?

Re:Updates? What updates?

[ST47]

do you mean this one: Security Update for Windows XP (KB901190) Typical download size: 148 KB , less than 1 minute A security issue has been identified that could allow an attacker to remotely compromise your Windows-based system and gain control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your computer. Details... Security Update for Windows XP (KB901190) Date last published: 2/14/2006 Typical download size: 148 KB A security issue has been identified that could allow an attacker to remotely compromise your Windows-based system and gain control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your computer. System Requirements Recommended CPU: Not specified. Recommended memory: Not specified. Recommended hard disk space: Not specified. How to Uninstall This software update can be removed via Add or Remove Programs in Control Panel. Get help and support http://support.microsoft.com/ More information http://go.microsoft.com/fwlink/?LinkId=49512 Print | Close (that link is really big, so ill just put the subheading) Vulnerability in the Korean Input Method Editor Could Allow Elevation of Privilege (901190) anyone use the Korean Input Method Editor? :P

Re:Updates? What updates?

Just checked windows update again (at 9:53 am eastern time) with a number of win2k computers and it reports no new patches.

Of course, the likely cause is that windows update is a piece of shit.

Re:Updates? What updates?

A further example. Go to microsoft's security site, and there is no mention of the june updates. If you click on "this month's updates", you get the May updates, not the June ones (as of 10:33 am eastern time).

Bunch of idiots. Can't they update their web pages?

Re:Updates? What updates?

[AngusSF]

In Redmond Tuesday starts at 10AM PDT ...

Firefox?

[NXprime]

And this effects Firefox, how? Has FF implemented this yet or do they not have to? To me, I don't use IE, so I could care less about this patch.

Re:Firefox?

[mlefevre]

A change hasn't been implemented in Firefox, and indications were that there wouldn't need to be one.

The founder of Eolas said in eweek (in September 2003):
"We have from the beginning had a general policy of providing non-commercial users royalty-free licenses. We expect to be paid for the commercial use of our technologies....We released our browser back in 1995 to the world free for non-commercial use, so that should be an indicator to people that the open-source community shouldn't have anything to fear from us. The extent that those products are used commercially by others or resold commercially, sure we expect to be talking to people who are making money through the use of that technology."

I don't recall seeing anything about Mozilla obtaining a license. I don't know if they have, but maybe if Eolas hasn't pursued them about the patent, they haven't seen a need to do so.

Re:Firefox?

If you use Windows, you use IE. There's no way around it. IE is everywhere in that bloated piece of crap called XP.

So suck it up and install Linux you panzy.

Re:Firefox?

[Twanfox]

Ironically, that would seem to mean that if, say, Microsoft had not bundled IE with Windows (a commercial product) and had instead left it free to distribute then not even IE would have been affected by the lawsuit. Frankly, though, the nature of the patent and the one-sidedness of how they intend to pursue it bother me. How is 'automatic startup of a plugin/control (or whatever the patent relates to)' a novel concept?

Re:Firefox?

I don't recall seeing anything about Mozilla obtaining a license. I don't know if they have, but maybe if Eolas hasn't pursued them about the patent, they haven't seen a need to do so.

I tend to think that that is the worst situation Mozilla could be put in. Without anything in writing they are open to lawsuits from Eolas or their successors at any time and damaging FUD about the insecurity of their position while they wait for it. That 2003 quote you mentioned ("...we expect to be talking to people who are making money through the use of that technology") predates Mozilla sitting on a buck for every one of their 50 million users too.

I'm as ignorant as you on whether this is a non-issue though, hopefully they have got a license.

Re:Firefox?

...couldn't care less...

How much in (RIAA/MPAA) revenue ..

"Ever patch a system and have some core services not work after?

The patches cause downtime as well."

That's why you test out patches on a test system. If you're patching a critical system without that first step, then you deserve what you get.

Re:How much in (RIAA/MPAA) revenue ..

[Trigun]

I've successfully done patches on a test system and had it fail on the production server. The fact that everyone tells me what boils down to "Run two parallel networks, with the same load and same traffic types" does not bode well for Microsoft's lower TCO argument, nor does it make you look any smarter. In the real world, the SME's don't buy racks and racks of identical servers. They buy one server to do what they need.

Patching for the SME resembles this: Read everything about the patch, what it is fixing, and how to mitigate the damage or exploit. Image the server. Wait 1-3 weeks for ISV's to verify that the patch won't affect anything critically. Image the server again, install patch. Cross fingers, then reboot.

You don't go to a car dealership, find the car that you want, and then say "Great. I'll take two", and you shouldn't have to with servers.

*shakes head?*

[Monkeys!!!]

I was sitting here wondering why my laptop hadn't started to automatically update....

Then I realised I was booted into Ubuntu.

*slinks off into the night*

Re:*shakes head?*

[CodeMasterPhilzar]

Me too. My Suse based, FireFox/Thunderbird/Open-Office system says "what patch?" ;-)

re: Ubuntu... I just tried that last week on an old system. Have to say it was pretty neat, 1 CD but two problems. During install it said it could run X at 1024x768, 800x600, and 640x480. Yet when it came up it was in 640x480 mode and I could not change it - 640x480 at 60Hz were the only selections. Granted, this could be "pilot error" on my part since this is my first exposure to Gnome. (I'm a KDE guy) Maybe I'll try the Kbuntu build...

The other problem was that it did not find my "classic" MS serial mouse connected to COM1. (yes, this is an old system) Yet when I hot plugged a USB mouse it started using it right away. Here again, I could find no way to manually configure/tell it there was a serial mouse out there.

No big deal though. I'm happy with my Suse and Red Hat boxes. I am going to get a "live CD" Linux for booting/rescuing. Maybe Knoppix or something similar.

Re:*shakes head?*

You need to manually edit /etc/X11/xorg.conf and add the proper refresh rates and modelines or ...
open a terminal and type
sudo dpkg-reconfigure xserver-xorg
(enter password)

then add the appropriate refresh rates when you get to that section (for everything else you will probably just want the defaults).

Re:*shakes head?*

[idonthack]

During install it said it could run X at 1024x768, 800x600, and 640x480. Yet when it came up it was in 640x480 mode and I could not change it - 640x480 at 60Hz were the only selections.

That happened to me when I installed Ubuntu on my sister's computer. Some monitors can't use higher resolutions unless the HorizSync and VertRefresh rates are configured in /etc/X11/xorg.conf, something the installer does not do by default. I used a Knoppix CD to find out what they were since it prints them out at bootup, but with a quick google I don't see any mention of standard utilites to find them. Try booting from the LiveCD again and looking at its generated xorg.conf.

Re:*shakes head?*

[Ambidisastrous]

That's funny, I think mine got this update on June 1!

The Mac way

[k1980pc]

I don't feel windows sending critical updates should cause any flare-ups. Putting your system on automatic updates and let windows update the system is easy enough. One thing I would like Windows to do is something like my Mac - Every critical release being a new version number for my OS - I really love the feeling-of-security when my OS goes from 10.4.5 to 10.4.6
[ It's another matter that 10.4.6 had made my system un-bootable and I had to reinstall 10.4.2 from disc ]

But I cannot understand why ppl raise a huge hue and cry when MS finally manages to update the OS. Same people alternate between Damn-you-fix-the-bloody-flaw-TODAY or go-rot-in-hell-i-WONT-apply-this-update mentality. I'm a mac guy,but lets give credit where it is due.

Re:The Mac way

[Duds]

And at least unlike Apple, MS don't charge full price for every service pack.

Re:The Mac way

[powerlord]

True ... on the other hand, Apple's service packs tend to be more tested, include functionality that upgrades the system, and are more like OS upgrades than Service Packs.

The Apple equivalent of Service packs are the Z level revisions (as in X.Y.Z, patch level, for Major, Minor and Patch level). They only charge for the X and Y upgrades.

Of course ... considering how often they come out, I mean, we're on the fourth or fifth version of OS X now, and the third or fourth patch level of it.

Won't they be coming out with "OS Horizons" soon? ;)

What? They're just going to release 10.5 ... where's the fun in that?

Re:The Mac way

[skeletor935]

Unfortunately slashdot would lose half its customers if it didn't keep posting about M$ updates so all the zealots can get in their weekly preaching on about how grate *nix/macs are atleast once a week.

Re:The Mac way

But I cannot understand why ppl raise a huge hue and cry when MS finally manages to update the OS. Same people alternate between Damn-you-fix-the-bloody-flaw-TODAY or go-rot-in-hell-i-WONT-apply-this-update mentality.

Well, that's simply the mentality of people who NEED to have something to complain about. You know, the ones that run Linux as their primary OS and only run Windows alongside it "because they have to."; they will jump at every chance they get to rant about Microsoft, because "M$ is teh evil!!1" (this is Slashdot, mind you).

Re:The Mac way

[boyfaceddog]

Apple doesn't charge for the downloaded updates.

Re:The Mac way

[walt-sjc]

Nice flamebait. Apple doesn't charge for service packs - they charge for major releases just as MS does. They just don't pretend it's all new and totally change the version numbering and naming scheme like MS does. It's also less expensive - especially for multiple computers with the family pack availablilty ($200 for 5 licenses.) Not saying that Apple is perfect, but at least they don't have "activation" and "WGA" either.

Re:The Mac way

[I'm+Don+Giovanni]

"I would like Windows to do is something like my Mac - Every critical release being a new version number for my OS - I really love the feeling-of-security when my OS goes from 10.4.5 to 10.4.6"

Mac Security Updates don't change the OS version number.
If you examine Apple's Security Updates here, you'll see that the updates that are called "Security Updates" don't change the OS version number. The updates that do change the version number are called "Mac OS X Update" (e.g. "Mac OS X 10.3.9 Update").

Re:The Mac way

[Overly+Critical+Guy]

Instead, they charge a full $300 for Windows XP Professional in 2006, require activation, require WGA, and phone home about you and your computer.

Apple keeps OS X releases updated throughout their life cycle, until they reach 10.x.9. Then a new major version is released for only $120. No activation, no WGA. Not even a serial number.

Re:The Mac way

[Keeper]

Not quite; you have to purchase an expensive dongle before you can run OS X.

Re:The Mac way

[dbIII]

Putting your system on automatic updates and let windows update the system is easy enough.

You can't do that in a production envirionment and it is irresponsible even in an office workstation environment. There are too many updates that require a reboot, which will of course will disrupt what you have a computer for in the first place. Every now and again when updates come out I get people coming to me asking why their computers restarted for no reason and what they can do about those unsaved documents - so I turn automatic updates off again and ask them not to turn them back on.

Re:The Mac way

[toddestan]

True ... on the other hand, Apple's service packs tend to be more tested, include functionality that upgrades the system, and are more like OS upgrades than Service Packs.

Keep in mind that could pretty well describe XPSP2, though the "more tested" point could be debated a little.

Re:The Mac way

[Overly+Critical+Guy]

You have to buy a PC to run Windows, too.

Re:The Mac way

[Keeper]

Good lord man, it was a joke. I fully acknowledge that I may not be as funny as I think I am, but geeze...

Re:The Mac way

[powerlord]

true, but I still remember the bloody hell people were screaming when a "Service Pack" upgraded functionality and changed the way their OS worked (and broke quite a few things).

They felt that sort of thing should be left for an upgrade, a 'dot' release (which MS curiously, doesn't really do any more, prefering to wrap up everything into their Service Packs).

Perhaps you're right and MS is ahead in the way that they are doing things, but I wish they didn't break things as badly during updates as they have.

I don't believe the automatic Apple updates have had the same impact (if only because they are more limited in scope).

Mo' money, mo' money...

[s31523]

With respect to:
"We strongly recommend that those of you who are still running these older versions of Windows upgrade to a newer, more secure version, such as Windows XP SP2, as soon as possible."
I think anyone who is still running windows 98 would be better off switching to Linux. I would have to beleive most software running under 98 could be run under Linux using Wine/Crossover Office, or alternatives found. More than likely, most 98 users just have some office type applications and never upgraded because they didn't need the fancy new OS. My old office still has 98 on many computers just because the people using them run basic apps that get by with what they have, and upgrades would be costly (relative of course, some small businesses would be hurt by 10K in computing upgrades). With so many security holes are known, and support is ending, AND newer Linux distros are pretty darn close to "it just works", we may see small pockets of Linux migration.

Re:Mo' money, mo' money...

Since when is SP2 more secure than any other form of windows? :-P

Re:Mo' money, mo' money...

[Crisses]

I have a x86 dual-boot. Win98 and Debian.

I have both OSes set up with static IP on the lan. The static for Win98 is blocked at the router. It can't go to the net.

What I use it for is the copy of IE 6 I installed on it. I proof websites I create on my Mac, hosted by Apache on my Mac to the lan. When I need to check a site I'm designing, I just start up the ol IBM Intellistation dual boot and check in IE and Firefox on the PC.

I do wish I could get the latest stupo-patch for IE on my 98 box, just so I can tell when this embedded object problem might break a page, but M$ wants you to have a legit XP machine, and won't allow me to download the patch to the Mac. Thankfully I don't do Flash, so it's probably not a huge deal anyway.

OTOH, maybe M$ is doing people a favor who have older Windows OSes by not updating their IE -- they won't get that frustrating pop-up when watching their outdated porn sites.

Naive question of the month

Like most, I use Windows at work and find it to be stable, fast etc. I don't have to maintain the damn thing and rarely notice any updates. Presumably the Windows Orks at work have that all properly scheduled, etc. I am a LT Sun/*BSD/Linux user otherwise, so I honestly haven't a clue as to how to admin. anything related to Windows. Obviously, most organizations of any size are wedded (or believe themselves to be) to MS. But here is my question: With all of the constant security BS related to this OS, why the helll do IT managers put up with this? Seriously, how terrible will this OS have to become for a real exodus to take place??

Re:Naive question of the month

[sedman]

What makes you thin IT managers have a choice?

When the decree comes down from "the powers that be" that fact that the decree was uniformed or even foolish has little to do with the IT manager's ability to do the right thing as opposed to the decreed thing.

Re:Naive question of the month

[stinerman]

Seriously, how terrible will this OS have to become for a real exodus to take place??

Many times it has nothing to do with how bad the OS is, but rather how much more expensive a *nix/*BSD admin will be.

Re:Naive question of the month

[Serilkath_Montreal]

It's not the IT staff it's the manager and the users that doesn't want to switch. Too hard to learn some others habits and you're the only one who get screwed at the end, your job isn't their concern, they don't even think about it when they screw something by being stupid. For them Windows is perfect, it's pretty, there's word, excel and powerpoint on it, they can listen bad music(tm) internet radio with it and most importantly process easyly their photos etc. The other problem is the attitude of the Linux community, the "get bent, the documentation is in the source code, read it" answer you get each time you dare ask something doesn't suit too well with the non computer literate end-users.

Re:Naive question of the month

[Overzeetop]

Oh, you are tempting the mods today. You may as well say that Apple iPods suck.

You are, however correct. Other will point out that those dime-a-dozen MCSEs can't manage a system worth a damn, and if you got a competent IT admin for Windows they'd be just as expensive as a competent *nix admin. Which is also true. But sometimes all you need in a small IT department is someone who can follow the install prompts, check to make sure the components are plugged in, and wipe the users asses when they make a mess. A truly competent admin would get bored and look for a challenging oppotunity, but a shit-dumb MCSE who can press enter to continue will be happy working 4 hours a day and surfing the other four, even if the wages aren't the best.

MS not supporting what they say they do!

[internewt]

From the article:

At the same time as information about the update was being released, Microsoft mentioned that it will not be able to patch Windows 98 and ME against a loophole discovered in April 2006.

Fixing this bug in the ageing software would require a major re-write of the Windows Explorer program used in these old copies of the operating system.

Microsoft is not prepared to undertake this work, given that all support for Windows 98 and ME ends on 11 July 2006.

So even though Microsoft have stated that they support 98 and ME until 11th July 2006, they will not support those two OSes today?

Yes, people are crazy if they rely on 9x in anyway, but when Gates says he'll support it until a date I'd expect support to be provided, even it means some changes to the shell. And we all know how much exageration is used when a job is being avoided... ("major re-write of the Windows Explorer").

Re:MS not supporting what they say they do!

[Richard_at_work]

The bugfix may take longer to produce than is left on the support period, because it involves a heavy rewrite of some areas. Thus, if the patch is not likely to appear before the support EOL anyway, its justifiable to not start on it.

Re:MS not supporting what they say they do!

[insecteye]

Lots of developing and thirdworld countries are running on 98 cause their HW won't support anything newer. Try running XP on a Pentium I or II with 128 megs of memory. True, people should switch to linux and forget all of this M-$hit .

Re:MS not supporting what they say they do!

In that case its also justified to end the warrenty on your laptop 2 weeks early because it would be expensive to replace.

Re:MS not supporting what they say they do!

[boskone]

It's worked fine for me in the past. XP is usable as a web browser/email/light document machine on a pentium 200 with 64 mb of RAM. Just don't install acrobat, realplayer, bonzi buddy, etc.

Re:MS not supporting what they say they do!

[Keeper]

"Paid incident support is now available through July 11, 2006. Extended hotfix support for Windows 98 and Windows 98 Second Edition ended on June 30, 2003. Extended hotfix support for Windows Millennium Edition ended on December 31, 2003. Online self-help support will continue to be available until at least July 10, 2007. For more information about the type and length of support provided, review the Windows 98, Windows 98 Second Edition, and Windows Millennium Edition Support Extended Announcement Web site. Critical security updates will be provided on the Windows Update site through July 11, 2006. Microsoft will not publicly release non-critical security hotfixes for Windows 98, Windows 98 Second Edition, or Windows Millennium Edition. However, customers may request a non-critical security hotfix through On-Demand Security Hotfix support. This support is offered for these products through July 11, 2006. When a request is received, Microsoft will investigate the issue and try to provide an appropriate response to the customer."

http://support.microsoft.com/lifecycle/?p1=6519

Get your facts straight.

So Illegal Copies Break The Law (Again)?

[aslate]

I find it interesting that illegal copies of Windows aren't able to update the fix for the legal settlement. Microsoft have finally changed their WGA tool to "Do not allow update unless user PC submits 'Yes it's valid'" from "Do not allow update unless user PC submits 'No i'm not valid'", i thought it was odd the way their system worked before.

This is why i'm using Autopatcher XP (Annoying forum-based website), you can download the updates off them, see the details and unselect all the crap you don't want, without having to go through Microsoft and Windows validation. You just have to wait a while before they release the newest version.

Re:So Illegal Copies Break The Law (Again)?

[mopslik]

I could be wrong, but I thought that you could still use the Automatic Updates feature without WGA validation, and that only launching Windows Update would prompt you to verify your legit copy of Windows.

Re:So Illegal Copies Break The Law (Again)?

[aslate]

True, although saying that i clicked the "Enable auto-updates" feature on the MS Update page and made sure to choose "Inform me of updates before downloading or installing them" option, i didn't want WGA installing on my PC.

5 minutes later i see a Security Centre icon in the bottom right and it's downloading and installing updates i didn't even agree to.

Windows Genuine Advantage "Your install is not valid" here i come...

Re:So Illegal Copies Break The Law (Again)?

[ruiner13]

Or just use windizupdate.com if you use firefox. Nice way to admit to the world that you're using a pirated copy though, bud. :)

Re:So Illegal Copies Break The Law (Again)?

[aslate]

What are they gonna do? Send a popup to my machine every 10 minu...hang on a sec!

Re:So Illegal Copies Break The Law (Again)?

[mopslik]

That's strange, although I have heard others echo similar comments. I can't verify this at all, since my XP computer at work is set to "notify me only" and it does just that -- a popup windows appears saying "new updates are available, please click here to start downloading". If I do nothing and reboot, the same keeps happening until I finally choose to install.

I guess this thread is to what you are referring, or something similar. Again, I have never seen this firsthand.

Re:Strange Days - Reminds me of...

[PoconoPCDoctor]

Great comment and definitely correctly moderated as Insightful! (OK - does this qualify me as fulfilling my meta-moderating for the day? lol)It reminds me of a great page I saw on a friend's web site.

It was so on target I asked his permission to publish it on another blog I write for.

BTW, my friend is also an amazing photographer as well - check out his photography site if you have a chance.

Re:Word of the Day: MacSnob

[geobeck]

Holy crap! Watch your step getting off that horse; it's a high one!

When my current PC outlives its usefulness, I'll be a "switcher" too. And look out, because there are going to be a lot of us pretty soon. Whether we meet you high, exacting standards is moot. Thanks to current Windows trends, Mac is about to become a lot more popular.

And I guess MacSnobs wouldn't know Clarus from Claris. Maybe the word of the day is Pretender .

Testing good, but you can still get bitten

That's why you test out patches on a test system. If you're patching a critical system without that first step, then you deserve what you get.

When Windows 2000 SP4 came out we tested the crap out of it on 3 different test boxes. Everything looked great. Then we rolled it out. Luckily I insisted we roll it out in stages. During stage 1 EVERY single production system bluescreened. D'oh! Turned out a little known setting to fix a performance issue with the Netware client, wasn't compatible with some change in Windows. [tinfoil hat] Not the first time that a Netware fix got broken by a Windows fix.
[/tinfoil hat]

Re:Testing good, but you can still get bitten

[Heem]

Not the first time that a Netware fix got broken by a Windows fix

But I'm sure Microsoft didn't do that ON PURPOSE.

Re:Sigh. It's gonna be...

[MtViewGuy]

Only one thing though: I just checked Microsoft Update right now (0654 hours PDT on 13 June 2006) and I don't see any Critical updates to be downloaded. I did get a .NET Framework 1.1 update last Tuesday but I didn't see anything else. (scratching head)

Windows 98

[WhiteWolf666]

The funny part is these "unfixable" vulnerabilities have been there since day one.

I love it. Each and every one of you out there using Windows XP should truly understand that one day, MS will say the same thing about XP, too.

"It's so broken we can't fix it. Buy a new computer."

Only in a Microsoft world would still-supported products be abandoned since they were, "just too broken." But the irony is that this "breakage" is not something that appears over time; it's not bitrot. These are security vulernabilities that have always been present.

The Microsoft patch cycle is a joke. Needing a torrent of patches in order to stay "secure" means that you probably aren't secure anyways. Within 100,000 issues waiting to be 0-day'd, and with a significant fraction of those both _critical_ and _unfixable_ (EOL, or now, it seems, "near EOL"), how the hell can you sleep at night, unless you fix computers?

And if you are an MS maintenance drone, I guess you can sleep really well at night.

Re:Windows 98

[Chanc_Gorkon]

Come now....Windows 98/98SE/ME use a kernel (DOS FOLKS!) that has not been impotant for quite sometime now. Do any Linux Kernel developers still work on the 2.0 kernel?? Does Red Hat still patch Red Hat 6?? NO!

Everyone ASSUMES that Microsoft is dropping support just because it's too broke and that probably isn't even CLOSE to the truth. The real reason is likely a combination of the two. From the archtecture basis, Windows 98/98SE/ME are UNSECURE! Microsoft has a much better chance of securing things with XP. That's not to say there's no holes in XP....there is. But the reason software is dropped from support is merely a business reason. When 99.9 percent of thier support calls are likely Windows XP or 2003 Server related, what sane person would choose to continue to patch something almost NOONE uses!

Re:Windows 98

[Philnet.HFZ]

Hey! I still use Windows 98 (well only sometimes). It actually runs pretty well if you happen to remove that Internet Explorer crap that comes bundled...

But seriously, I run Windows 98 with the ultra-light Windows 95 shell and de-integrated. 98lite was the best thing I've ever downloaded!

Actually, just removing Internet Explorer probably "patched" quite a few of the security flaws.

Re:Windows 98

[drinkypoo]

Come now....Windows 98/98SE/ME use a kernel (DOS FOLKS!)

All people interested in accuracy should have stopped reading right here.

See, what the parent comment's author clearly does not understand is that Windows 9x does not run under DOS. It is launched from DOS. DOS is a boot loader. It is as important to Windows, once running in GUI mode, as grub or lilo would be to Linux if it weren't cleared from memory once the kernel loaded.

The DOS kernel loads. Then the DOS command shell loads. From there, windows is launched, and takes over the system.

Please stop repeating this PURE BULLSHIT to people. DOS is as much a part of windows as grub (or lilo) is Linux.

Re:Windows 98

[Dahan]

It is as important to Windows, once running in GUI mode, as grub or lilo would be to Linux if it weren't cleared from memory once the kernel loaded.

Is this the official party line? Does Linux call any grub or lilo code after it's booted? No. Does Windows 9x call any DOS code after it's booted? Yes, all the time. Have you forgotten the investigation that Matt Pietrek and Andrew Shulman did?

Re:Windows 98

[drsmithy]

I love it. Each and every one of you out there using Windows XP should truly understand that one day, MS will say the same thing about XP, too.

Each and every one of you out there using any commercial OS should truly understand that one day, your vendor will say the same thing about your current OS, too.

Only in a Microsoft world would still-supported products be abandoned since they were, "just too broken."

Note that "only in a Microsoft world" is a product like Windows 98 supported for so long in the first place. When was the last time Apple released a patch for MacOS 8.x ? How about Red Hat for RHL 5.x ? Heck, I don't Sun even support Solaris for that long and it's an enterprise-class server OS, not a home desktop OS.

Your criticism is petty, to say the least.

But the irony is that this "breakage" is not something that appears over time; it's not bitrot. These are security vulernabilities that have always been present.

Windows 98 is nothing special in this regard.

The Microsoft patch cycle is a joke. Needing a torrent of patches in order to stay "secure" means that you probably aren't secure anyways.

Maybe you should have a look at the volume and frequency of patches on other systems.

Re:Windows 98

[IchBinEinPenguin]

Does Red Hat still patch Red Hat 6?? NO!

Right, but it you _REALLY_ want to, you can download the source and fix it yourself.
If there are enough people like you who want it to work a third party can provide support. How many people WANT to use Win9x because it does everything they need it to and doesn't require a HW upgrade?
With commercial software you don't get that option, support (usually) stops when the vendor says so, not when the customers say so.

big security update

[dbmasters]

:::yawn::: - sorry, just isn't exciting, and isn't really news...

People Don't Want to Be Bothered

[Greyfox]

They just want their computer to work. You see the same mentality with cars. People will ignore just about anything because they didn't think it was serious. Things that could potentially end up deadly. The computer's a lot less dangerous than that. Oh they'll squeal like stuck pigs if someone loots their bank account or something like that but at least they didn't die of it. Hopefully anyway...

Hell most people don't really need to be on the open Internet at all. They only visit a couple of sites and pick up email from the grandkids. You shouldn't have to expose yourself to international terrorism for that. Maybe we should just go back to the local BBS days or something...

At some point people are going to get sick of it, though, and start considering safer alternatives. I'm pretty sure Microsoft realizes this, too. They started mumbling about security when Linux came on the scene, but the mumbling got a lot louder when Apple released OSX. Sure you still have to worry with OSX. You have to worry with anything you connect to the Internet. But you have to worry a lot less. I'm telling any of my relatives that they can't afford not to make the switch when they ask me for upgrade advice. Oh hackers will start targetting the platform eventually, sure, but they still won't be able to do much damage. And once corporations start realizing that they could divert a lot of their IT effort away from their security efforts by switching I think we'll start seeing some big customers switching from Dell to Apple. Hell, Sun requires you to justify having a windows machine at your desk -- otherwise you a Solaris box. There were always some chuckles on my floor whenever a Windows virus notification came out.

Re:Word of the Day: Switcher

[SomeoneGotMyNick]

But a real Mac user is born, not made.

That's what they kept telling me when I was an Amiga user. I still have a fondness for my old Amiga(s). It's unfortunate Commodore didn't market it directly to a single industry for a while (like Macs with the desktop publishing). They barely marketed it at all. Who knows what direction things would have went if Tramiel didn't leave. He didn't stop in to take back control of C= when it was faltering. At least Jobs stepped up to put Apple back on track again.

MOD PARENT FLAMEBAIT!!

[Rogue+Pat]

And at least unlike Apple, MS don't charge full price for every service pack.

BS and you know it. All updates are free of charge, see Apple's web site

Re:Word of the Day: MacSnob

[jejones]

And I guess MacSnobs wouldn't know Clarus from Claris.

Given the link you provide for Clarus, perhaps pretender is indeed the word of the day.

Coincidence

[caluml]

A company closed associated with ours (a very large telecoms company in Europe) seems to have fallen off the map since about 12.30 today.

Coincidence?

No...

[Aqua_boy17]

They just haven't been released yet. Keep checking here: http://www.support.microsoft.com/gp/securityitpro

Typical Macintosh User

You, my friend, are one hell of a typical macintosh user

Re:Word of the Day: MacSnob

[geobeck]

Whaaa...?

What does storybytes.com have to do with clarus.com? Whatever, here's the Google search result for Clarus.

WTF?

[Aqua_boy17]

"Presumably the Windows Orks at work..."

Wow, I didn't even know Windows had an LOTR version.

Or by Orks, did you mean PHB's? Jus' checkin'.

Re:WTF?

[Aqua_boy17]

Oops...just read your entire comment so please disregard parent. Hey, it's been a long day and I've already been here since 4 am...oddly enough applying the May patches that we were behind on. :P

windows...

[Ichigo+Kurosaki]

While I was reading this article an odd thought came to my mind. When Bill decided on the name windows did he choose the name b/c windows are easy to break?

Re:windows...

[rickb928]

He probably heard 'windows' in Palo Alto, and gee, what a great idea! Brilliant!

Brilliant!

rick

Re:windows...

[ratboy666]

The name "Windows" was chosen because Microsoft was selling vapour to forestall purchase of a product called "VisiOn".

WGATray

Wonderful - Not only have Microsoft required that their users download the Windows Genuine Advantage Notification tool twice in three months, now it seems that they're treating all their customers like potential crooks in order to "protect" flawed software. Screw this. From now on it's Debian on the notebook and Ubuntu on the desktop.

Re:WGATray

[raver31]

nah, you are gonna lube up and take it like the rest..... seriously, I service hospitals and health centres, and the majority of the computers in them run Win98 or WinME on the desktop served by either Linux or Novell..... Microsoft has some arrogance expecting companies to go out and upgrade all their computers, just to run their latest pile of bloated shite. Microsofts attitude to its customers can be summed up in the world of Jay and Silent Bob..... "Fuck them, fuck them up their stupid asses... they are fucking clown shoes"

And if you did do something wrong...

[Mateo_LeFou]

You're going to have to wait probably at least 12 hours before WGA is cracked, so you can keep doing whatever-it-was wrong.

Re:Sigh. It's gonna be...

[martums]

crap-free, printer-friendly view to aid in long week of patch craziness (yay)

Re:Word of the Day: Switcher

[ettlz]

real Mac user: someone true to who they are, the misfits, the rebels, the troublemakers, the round pegs in the square holes. The ones who see things differently. They're not fond of rules and they have no respect for the status quo.

These would be the Mac users who've abandoned OS X and installed Linux or FreeBSD, right?

Wow

You sure are bitter. Did Windows 98 kill your dog or something like that?

Re:Word of the Day: MacSnob

[jejones]

You may wish to actually read the link. A summary in case you don't: the linked page gives the history of Clarus, the "dogcow," named when a stray dingbat character in one of the original Macintosh fonts provoked confusion about whether it depicted a dog or a cow.

There's a certain irony in a person unfamiliar with Clarus labeling a Mac user a "pretender."

How much in (RIAA/MPAA) revenue-Linux TCO

"The fact that everyone tells me what boils down to "Run two parallel networks, with the same load and same traffic types" does not bode well for Microsoft's lower TCO argument, nor does it make you look any smarter."

Uh, huh. So you patch your critical Linux servers without testing first? Can I have your job?

Re:How much in (RIAA/MPAA) revenue-Linux TCO

[Trigun]

The fact that I can install a linux kernel and still boot the old one, install a new apache and leave the old one, replace pretty much everything and still have the old one working makes things a lot easier.

Also, the fact that I can grab the testing branch of my distro and try it weeks or even months in advance makes things a lot easier.

The fact that I don't have to buy $5000 worth of licenses coupled with the $5000 worth of hardware makes things a lot easier.

Go troll elsewhere.

Re:Word of the Day: Switcher

[kimvette]

Commodore did not WANT Tramiel to step in, to begin with. The parting of the ways was mutual.

The owners at the end did not care about the company, about growth, or technology, and would not have even considered bringing Tramiel's genious back in. They were far too busy engaging in insider trading and embezzlement than caring about their employees, stockholders, and the industry at large.

Mod parent up

Mod parent up +1 hilarious :D

--
~= scwizard =~

Re:Word of the Day: Switcher

I think my favorite would have to be this one http://dogcow.atspace.com/bleeder.html. Just wow.

Re:Word of the Day: Switcher

[drinkypoo]

The whole diatribe sounds to me like a critical examination of the message in Apple's advertising. You could sum it up more quickly though, it's SOP for most everyone: "Be different, just like everyone else." All advertising is intended to make you act like sheep, after all.

Re:Word of the Day: MacSnob

[Moofie]

Oooh, that was not pretty. You just got schooled.

Security by diversity

[DrYak]

No. If Linux, *BSD, or some other opensource operating system gets number one this IS NOT going to be the same.
Because most opensource operating systems comply to open standarts and you can imagine cohabitation of various different OS and distro.
It won't exactly be Linux becoming #1 standart, but POSIX as represented by various Linux distributions, and BSD variants, being standart.
Open-source code can rather easily get to cross compile across different *nix as long as they are standart compliant, and thus most needed software can be provided in the distribution.

Whereas malware, because it must find way to circumvent protection and operate without the user noticing it, must exploit very specific bugs and is highly dependant on the specific flavor on which it must run (versions of kernel/libraries/apps, CPU, compiler architecture, ...).
So yes, cRak3rz will still be able to program viruses, except that those viruses will only be able to attack opensuse 14.3, maybe fedora core 8, but not debian 3.3 because they all depend on a bug found in the linux kernel version 2.12.5.1, and the binary only work with EM64T architecture, not SPARC10 or ARM11, and *BSD are out of question.

And thus only certain users (those who use those specific distros) certain corporation (as long as they use only 1 single distro) will suffer from the virus.
Compare this to the current situation, where an overwelming number of individual and corporation are running Windows XP variant : a single virus is almost able to "Shutdown teh intreweb ! OMG!!11" (as nearly seen with some recent out break like Sasser or MyDoom).

In the past, when market wasn't so strongly dominated by wintels, you had very bad viruses at that time too, mostly copied through BBS, warez on floppies and such. There were a lot of badies back then, but none of them could just wipe out every home computer, because even if it could target every PC clone, meanwhile Atari, Amiga and other weren't affected.

OpenSource is about the freedom of choice. It's about being able to choose whichever Distribution/OS/software/whatever you want.
And freedom of choice brings diversity, which in itself makes it a harder target. But because opensource software tends to use open standarts, you won't end up with multi-platfomr madness of the Atari/Amiga era, and you won't end up locked into an isolated dead-end platform like the current windows situation is.

Re:Security by diversity

[drsmithy]

Whereas malware, because it must find way to circumvent protection and operate without the user noticing it, must exploit very specific bugs and is highly dependant on the specific flavor on which it must run (versions of kernel/libraries/apps, CPU, compiler architecture, ...). So yes, cRak3rz will still be able to program viruses, except that those viruses will only be able to attack opensuse 14.3, maybe fedora core 8, but not debian 3.3 because they all depend on a bug found in the linux kernel version 2.12.5.1, and the binary only work with EM64T architecture, not SPARC10 or ARM11, and *BSD are out of question.

1. Most "exploits" do not rely on software vulnerabilities.

2. Most modern unix systems are only different enough to be annoying and frustrating (from a user perspective) not different enough for diversity to be really effective. You know how nice it is to be able to sit in front of "any" unix machine and make it work ? The same principle applies to malware.

Re:Security by diversity

[DrYak]

Most "exploits" do not rely on software vulnerabilities.

Discussion is about software vulnerabilities, about microsoft having so poor security that need so much patching, and if this is a microsoft trait or if once linux rises similar sitution will be observed.
Of course, I know, there are some annoyance that aren't software dependent, like phishing, spam, spoofing and similar scam that aren't software dependant (and in fact even computer dependant and could also work with smartphone or even faxes) but wetware dependent.
But this is currently offtopic.

You know how nice it is to be able to sit in front of "any" unix machine and make it work ? The same principle applies to malware.

But you still have to sit in front of it, first place, or find another way to have access to the machine.

A well designed machine is supposed to be un-accessible from the internet. closed to the outside world, everything that enters (webpages and emails) should be sand-boxed, and any remaining door (remote ssh login) should be encrypted and secured.
To break into such a box, you go either thrue social engeneering (like trying to obtain password) or you count on the fact that this secure design is flawed at some place that you can abuse to break inside.

The more diversity is present in the market, the less likely that the same flaw will be largely widespread.
One winword document {specially forged/with a macro-virus} transmitted through e-mail on a web where the vast majority of users have microsoft-powered computer (and where maybe a couple of different MS-Office versions) could easily infect the most frequent(s) version(s) of MS-Office and thus cause trouble for a lot of users.
On the other hand, a OpenDocument with a specially forged (malicious) content on a more diverse world may work on a few different versions OpenOffice.org, but it won't probably work on other independent OASIS implementations, like KOffice, AbiWord and Corel WordPerfect, all of which could come in different versions (and the first two are also OpenSource), a smaller fraction of all users will be annoyed by a software bug.

Re:Security by diversity

[drsmithy]

Discussion is about software vulnerabilities, about microsoft having so poor security that need so much patching, and if this is a microsoft trait or if once linux rises similar sitution will be observed.

Your assumption (that I am disputing) is that Microsoft has "poor security" because they need patching, when the vast majority of Windows exploits are not made via software vulnerabilities.

Of course, I know, there are some annoyance that aren't software dependent, like phishing, spam, spoofing and similar scam that aren't software dependant (and in fact even computer dependant and could also work with smartphone or even faxes) but wetware dependent.

These are not "annoyances", they are the primary vectors for the vast majority of malware and other exploits.

This applies to all platforms, by the way, not just Windows. Software exploits are relatively uncommon. Remote exploits, even rarer. By *far* the most common way for any system to be exploited is via a user.

But you still have to sit in front of it, first place, or find another way to have access to the machine.

This is not especially difficult. Offer the user a candy bar, porn or a free iPod in exchange for access to their machine.

A well designed machine is supposed to be un-accessible from the internet. closed to the outside world, everything that enters (webpages and emails) should be sand-boxed, and any remaining door (remote ssh login) should be encrypted and secured.

I am not disputing this, however, I am saying that properly secured machines are both a) exceptionally uncommon and b) much harder to use.

To break into such a box, you go either thrue social engeneering (like trying to obtain password) or you count on the fact that this secure design is flawed at some place that you can abuse to break inside.

Most attacks (and subsequent exploits) are social engineering variants.

Re:Word of the Day: MacSnob

[geobeck]

Point taken, 'pretender' comment withdrawn.

'MacSnob' comment still stands.

Re:Word of the Day: MacSnob

Hahaha. The AC had it right: you're a poser.

There's a push to update

Hmmm...Just by Coinkydink, this coincides with the "Windows Genuine Advantage Validation" update that's sitting in everyone's update que. No-one's rushing to get *that* update, but WAIT, you have Microsoft telling you that June's update is HUGE!!! Security concerns run amok!!! Update and ye shall be saved!!! (And nagged to death if the genunive advantage validation tool doesn't care for your XP installation...)

M$ branding - Mod parent up

[zenhkim]

> The bottom line is Microsoft is a marketing company. It is not a company that prides itself on building superior technical solutions.... A technology driven company would have put preference on the technically superior solution ...Microsoft being a marketing company has done and is doing the exact opposite.

This is *exactly* what's wrong with Micro$oft (among so many other disgusting examples in the marketplace) -- the name means more to them than the game, which is to provide what the people want:

"Software comes and goes. What we're selling is Microsoft, not the individual products." -- Bill Gates

Remember that wretched Time issue way back in the Eighties, the one showing a smug Gates balancing a 5.25" floppy disk on one finger? That was just one of many instances where Micro$oft duped the media into believing the corporate hype, that M$ products were by far the best and most innovative in the market.

Never mind that M$ software was (and still is) buggy as hell. Forget that M$ frequently buys other developers' software, slaps shit all over it, then labels it as M$ product. All that matters is that Gates pushes his brand further and further throughout the market and into people's minds.

With priorities like that, it's no wonder M$ and its offerings are so fucked up.

Re: [OT] obl. south park ref.

Southpark context:

and i yelled, i said: "What you want from us monster?" and the monster bent down and said: "I need about three fiddy" ...[later]... there's this cute little girl scout, and she says to me "how would you like to buy some cookies?" i said "we'll take a gramcracker, how much would that be?" and she looked at me and she says: "I need about three fiddy" well it was about that time i noticed this girl scout was about 8 stories tall and was a crustation ...

The GP asked:

How much in lost revenue is all this Microsoft Patching costing the real economy?

So I'm here to humbly submit that the actual answer is: "I'm gonna need about three fiddy" And it was about that time the Moderators noticed that this Anonymous Coward was really an 800lb gorilla from Redmond, Wa.

Re:Word of the Day: MacSnob

[Pink+Tinkletini]

Let me guess, you don't know what Carl Sagan is either, do you?